DSCResources/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10/MSFT_IntuneDeviceConfigurationEndpointProtectionPolicyWindows10.psm1
function Get-TargetResource { [CmdletBinding()] [OutputType([System.Collections.Hashtable])] param ( #region resource generator code [Parameter()] [System.Boolean] $ApplicationGuardAllowCameraMicrophoneRedirection, [Parameter()] [System.Boolean] $ApplicationGuardAllowFileSaveOnHost, [Parameter()] [System.Boolean] $ApplicationGuardAllowPersistence, [Parameter()] [System.Boolean] $ApplicationGuardAllowPrintToLocalPrinters, [Parameter()] [System.Boolean] $ApplicationGuardAllowPrintToNetworkPrinters, [Parameter()] [System.Boolean] $ApplicationGuardAllowPrintToPDF, [Parameter()] [System.Boolean] $ApplicationGuardAllowPrintToXPS, [Parameter()] [System.Boolean] $ApplicationGuardAllowVirtualGPU, [Parameter()] [ValidateSet('notConfigured', 'blockBoth', 'blockHostToContainer', 'blockContainerToHost', 'blockNone')] [System.String] $ApplicationGuardBlockClipboardSharing, [Parameter()] [ValidateSet('notConfigured', 'blockImageAndTextFile', 'blockImageFile', 'blockNone', 'blockTextFile')] [System.String] $ApplicationGuardBlockFileTransfer, [Parameter()] [System.Boolean] $ApplicationGuardBlockNonEnterpriseContent, [Parameter()] [System.String[]] $ApplicationGuardCertificateThumbprints, [Parameter()] [System.Boolean] $ApplicationGuardEnabled, [Parameter()] [ValidateSet('notConfigured', 'enabledForEdge', 'enabledForOffice', 'enabledForEdgeAndOffice')] [System.String] $ApplicationGuardEnabledOptions, [Parameter()] [System.Boolean] $ApplicationGuardForceAuditing, [Parameter()] [ValidateSet('notConfigured', 'enforceComponentsAndStoreApps', 'auditComponentsAndStoreApps', 'enforceComponentsStoreAppsAndSmartlocker', 'auditComponentsStoreAppsAndSmartlocker')] [System.String] $AppLockerApplicationControl, [Parameter()] [System.Boolean] $BitLockerAllowStandardUserEncryption, [Parameter()] [System.Boolean] $BitLockerDisableWarningForOtherDiskEncryption, [Parameter()] [System.Boolean] $BitLockerEnableStorageCardEncryptionOnMobile, [Parameter()] [System.Boolean] $BitLockerEncryptDevice, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $BitLockerFixedDrivePolicy, [Parameter()] [ValidateSet('notConfigured', 'disabled', 'enabledForAzureAd', 'enabledForAzureAdAndHybrid')] [System.String] $BitLockerRecoveryPasswordRotation, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $BitLockerRemovableDrivePolicy, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $BitLockerSystemDrivePolicy, [Parameter()] [System.String[]] $DefenderAdditionalGuardedFolders, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderAdobeReaderLaunchChildProcess, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderAdvancedRansomewareProtectionType, [Parameter()] [System.Boolean] $DefenderAllowBehaviorMonitoring, [Parameter()] [System.Boolean] $DefenderAllowCloudProtection, [Parameter()] [System.Boolean] $DefenderAllowEndUserAccess, [Parameter()] [System.Boolean] $DefenderAllowIntrusionPreventionSystem, [Parameter()] [System.Boolean] $DefenderAllowOnAccessProtection, [Parameter()] [System.Boolean] $DefenderAllowRealTimeMonitoring, [Parameter()] [System.Boolean] $DefenderAllowScanArchiveFiles, [Parameter()] [System.Boolean] $DefenderAllowScanDownloads, [Parameter()] [System.Boolean] $DefenderAllowScanNetworkFiles, [Parameter()] [System.Boolean] $DefenderAllowScanRemovableDrivesDuringFullScan, [Parameter()] [System.Boolean] $DefenderAllowScanScriptsLoadedInInternetExplorer, [Parameter()] [System.String[]] $DefenderAttackSurfaceReductionExcludedPaths, [Parameter()] [System.Boolean] $DefenderBlockEndUserAccess, [Parameter()] [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderBlockPersistenceThroughWmiType, [Parameter()] [System.Boolean] $DefenderCheckForSignaturesBeforeRunningScan, [Parameter()] [ValidateSet('notConfigured', 'high', 'highPlus', 'zeroTolerance')] [System.String] $DefenderCloudBlockLevel, [Parameter()] [System.Int32] $DefenderCloudExtendedTimeoutInSeconds, [Parameter()] [System.Int32] $DefenderDaysBeforeDeletingQuarantinedMalware, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $DefenderDetectedMalwareActions, [Parameter()] [System.Boolean] $DefenderDisableBehaviorMonitoring, [Parameter()] [System.Boolean] $DefenderDisableCatchupFullScan, [Parameter()] [System.Boolean] $DefenderDisableCatchupQuickScan, [Parameter()] [System.Boolean] $DefenderDisableCloudProtection, [Parameter()] [System.Boolean] $DefenderDisableIntrusionPreventionSystem, [Parameter()] [System.Boolean] $DefenderDisableOnAccessProtection, [Parameter()] [System.Boolean] $DefenderDisableRealTimeMonitoring, [Parameter()] [System.Boolean] $DefenderDisableScanArchiveFiles, [Parameter()] [System.Boolean] $DefenderDisableScanDownloads, [Parameter()] [System.Boolean] $DefenderDisableScanNetworkFiles, [Parameter()] [System.Boolean] $DefenderDisableScanRemovableDrivesDuringFullScan, [Parameter()] [System.Boolean] $DefenderDisableScanScriptsLoadedInInternetExplorer, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderEmailContentExecution, [Parameter()] [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderEmailContentExecutionType, [Parameter()] [System.Boolean] $DefenderEnableLowCpuPriority, [Parameter()] [System.Boolean] $DefenderEnableScanIncomingMail, [Parameter()] [System.Boolean] $DefenderEnableScanMappedNetworkDrivesDuringFullScan, [Parameter()] [System.String] $DefenderExploitProtectionXml, [Parameter()] [System.String] $DefenderExploitProtectionXmlFileName, [Parameter()] [System.String[]] $DefenderFileExtensionsToExclude, [Parameter()] [System.String[]] $DefenderFilesAndFoldersToExclude, [Parameter()] [System.String[]] $DefenderGuardedFoldersAllowedAppPaths, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'blockDiskModification', 'auditDiskModification')] [System.String] $DefenderGuardMyFoldersType, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderNetworkProtectionType, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeAppsExecutableContentCreationOrLaunch, [Parameter()] [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderOfficeAppsExecutableContentCreationOrLaunchType, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeAppsLaunchChildProcess, [Parameter()] [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderOfficeAppsLaunchChildProcessType, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeAppsOtherProcessInjection, [Parameter()] [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderOfficeAppsOtherProcessInjectionType, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeCommunicationAppsLaunchChildProcess, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeMacroCodeAllowWin32Imports, [Parameter()] [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderOfficeMacroCodeAllowWin32ImportsType, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderPotentiallyUnwantedAppAction, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderPreventCredentialStealingType, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderProcessCreation, [Parameter()] [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderProcessCreationType, [Parameter()] [System.String[]] $DefenderProcessesToExclude, [Parameter()] [ValidateSet('monitorAllFiles', 'monitorIncomingFilesOnly', 'monitorOutgoingFilesOnly')] [System.String] $DefenderScanDirection, [Parameter()] [System.Int32] $DefenderScanMaxCpuPercentage, [Parameter()] [ValidateSet('userDefined', 'disabled', 'quick', 'full')] [System.String] $DefenderScanType, [Parameter()] [System.TimeSpan] $DefenderScheduledQuickScanTime, [Parameter()] [ValidateSet('userDefined', 'everyday', 'sunday', 'monday', 'tuesday', 'wednesday', 'thursday', 'friday', 'saturday', 'noScheduledScan')] [System.String] $DefenderScheduledScanDay, [Parameter()] [System.TimeSpan] $DefenderScheduledScanTime, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderScriptDownloadedPayloadExecution, [Parameter()] [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderScriptDownloadedPayloadExecutionType, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderScriptObfuscatedMacroCode, [Parameter()] [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderScriptObfuscatedMacroCodeType, [Parameter()] [System.Boolean] $DefenderSecurityCenterBlockExploitProtectionOverride, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableAccountUI, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableAppBrowserUI, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableClearTpmUI, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableFamilyUI, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableHardwareUI, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableHealthUI, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableNetworkUI, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableNotificationAreaUI, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableRansomwareUI, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableSecureBootUI, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableTroubleshootingUI, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableVirusUI, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableVulnerableTpmFirmwareUpdateUI, [Parameter()] [System.String] $DefenderSecurityCenterHelpEmail, [Parameter()] [System.String] $DefenderSecurityCenterHelpPhone, [Parameter()] [System.String] $DefenderSecurityCenterHelpURL, [Parameter()] [ValidateSet('notConfigured', 'displayInAppAndInNotifications', 'displayOnlyInApp', 'displayOnlyInNotifications')] [System.String] $DefenderSecurityCenterITContactDisplay, [Parameter()] [ValidateSet('notConfigured', 'blockNoncriticalNotifications', 'blockAllNotifications')] [System.String] $DefenderSecurityCenterNotificationsFromApp, [Parameter()] [System.String] $DefenderSecurityCenterOrganizationDisplayName, [Parameter()] [System.Int32] $DefenderSignatureUpdateIntervalInHours, [Parameter()] [ValidateSet('sendSafeSamplesAutomatically', 'alwaysPrompt', 'neverSend', 'sendAllSamplesAutomatically')] [System.String] $DefenderSubmitSamplesConsentType, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderUntrustedExecutable, [Parameter()] [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderUntrustedExecutableType, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderUntrustedUSBProcess, [Parameter()] [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderUntrustedUSBProcessType, [Parameter()] [System.Boolean] $DeviceGuardEnableSecureBootWithDMA, [Parameter()] [System.Boolean] $DeviceGuardEnableVirtualizationBasedSecurity, [Parameter()] [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $DeviceGuardLaunchSystemGuard, [Parameter()] [ValidateSet('notConfigured', 'enableWithUEFILock', 'enableWithoutUEFILock', 'disable')] [System.String] $DeviceGuardLocalSystemAuthorityCredentialGuardSettings, [Parameter()] [ValidateSet('notConfigured', 'withoutDMA', 'withDMA')] [System.String] $DeviceGuardSecureBootWithDMA, [Parameter()] [ValidateSet('deviceDefault', 'blockAll', 'allowAll')] [System.String] $DmaGuardDeviceEnumerationPolicy, [Parameter()] [System.Boolean] $FirewallBlockStatefulFTP, [Parameter()] [ValidateSet('deviceDefault', 'none', 'attempt', 'require')] [System.String] $FirewallCertificateRevocationListCheckMethod, [Parameter()] [System.Int32] $FirewallIdleTimeoutForSecurityAssociationInSeconds, [Parameter()] [System.Boolean] $FirewallIPSecExemptionsAllowDHCP, [Parameter()] [System.Boolean] $FirewallIPSecExemptionsAllowICMP, [Parameter()] [System.Boolean] $FirewallIPSecExemptionsAllowNeighborDiscovery, [Parameter()] [System.Boolean] $FirewallIPSecExemptionsAllowRouterDiscovery, [Parameter()] [System.Boolean] $FirewallIPSecExemptionsNone, [Parameter()] [System.Boolean] $FirewallMergeKeyingModuleSettings, [Parameter()] [ValidateSet('deviceDefault', 'disabled', 'queueInbound', 'queueOutbound', 'queueBoth')] [System.String] $FirewallPacketQueueingMethod, [Parameter()] [ValidateSet('deviceDefault', 'none', 'utF8')] [System.String] $FirewallPreSharedKeyEncodingMethod, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $FirewallProfileDomain, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $FirewallProfilePrivate, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $FirewallProfilePublic, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $FirewallRules, [Parameter()] [ValidateSet('lmAndNltm', 'lmNtlmAndNtlmV2', 'lmAndNtlmOnly', 'lmAndNtlmV2', 'lmNtlmV2AndNotLm', 'lmNtlmV2AndNotLmOrNtm')] [System.String] $LanManagerAuthenticationLevel, [Parameter()] [System.Boolean] $LanManagerWorkstationDisableInsecureGuestLogons, [Parameter()] [System.String] $LocalSecurityOptionsAdministratorAccountName, [Parameter()] [ValidateSet('notConfigured', 'elevateWithoutPrompting', 'promptForCredentialsOnTheSecureDesktop', 'promptForConsentOnTheSecureDesktop', 'promptForCredentials', 'promptForConsent', 'promptForConsentForNonWindowsBinaries')] [System.String] $LocalSecurityOptionsAdministratorElevationPromptBehavior, [Parameter()] [System.Boolean] $LocalSecurityOptionsAllowAnonymousEnumerationOfSAMAccountsAndShares, [Parameter()] [System.Boolean] $LocalSecurityOptionsAllowPKU2UAuthenticationRequests, [Parameter()] [System.String] $LocalSecurityOptionsAllowRemoteCallsToSecurityAccountsManager, [Parameter()] [System.Boolean] $LocalSecurityOptionsAllowRemoteCallsToSecurityAccountsManagerHelperBool, [Parameter()] [System.Boolean] $LocalSecurityOptionsAllowSystemToBeShutDownWithoutHavingToLogOn, [Parameter()] [System.Boolean] $LocalSecurityOptionsAllowUIAccessApplicationElevation, [Parameter()] [System.Boolean] $LocalSecurityOptionsAllowUIAccessApplicationsForSecureLocations, [Parameter()] [System.Boolean] $LocalSecurityOptionsAllowUndockWithoutHavingToLogon, [Parameter()] [System.Boolean] $LocalSecurityOptionsBlockMicrosoftAccounts, [Parameter()] [System.Boolean] $LocalSecurityOptionsBlockRemoteLogonWithBlankPassword, [Parameter()] [System.Boolean] $LocalSecurityOptionsBlockRemoteOpticalDriveAccess, [Parameter()] [System.Boolean] $LocalSecurityOptionsBlockUsersInstallingPrinterDrivers, [Parameter()] [System.Boolean] $LocalSecurityOptionsClearVirtualMemoryPageFile, [Parameter()] [System.Boolean] $LocalSecurityOptionsClientDigitallySignCommunicationsAlways, [Parameter()] [System.Boolean] $LocalSecurityOptionsClientSendUnencryptedPasswordToThirdPartySMBServers, [Parameter()] [System.Boolean] $LocalSecurityOptionsDetectApplicationInstallationsAndPromptForElevation, [Parameter()] [System.Boolean] $LocalSecurityOptionsDisableAdministratorAccount, [Parameter()] [System.Boolean] $LocalSecurityOptionsDisableClientDigitallySignCommunicationsIfServerAgrees, [Parameter()] [System.Boolean] $LocalSecurityOptionsDisableGuestAccount, [Parameter()] [System.Boolean] $LocalSecurityOptionsDisableServerDigitallySignCommunicationsAlways, [Parameter()] [System.Boolean] $LocalSecurityOptionsDisableServerDigitallySignCommunicationsIfClientAgrees, [Parameter()] [System.Boolean] $LocalSecurityOptionsDoNotAllowAnonymousEnumerationOfSAMAccounts, [Parameter()] [System.Boolean] $LocalSecurityOptionsDoNotRequireCtrlAltDel, [Parameter()] [System.Boolean] $LocalSecurityOptionsDoNotStoreLANManagerHashValueOnNextPasswordChange, [Parameter()] [ValidateSet('notConfigured', 'administrators', 'administratorsAndPowerUsers', 'administratorsAndInteractiveUsers')] [System.String] $LocalSecurityOptionsFormatAndEjectOfRemovableMediaAllowedUser, [Parameter()] [System.String] $LocalSecurityOptionsGuestAccountName, [Parameter()] [System.Boolean] $LocalSecurityOptionsHideLastSignedInUser, [Parameter()] [System.Boolean] $LocalSecurityOptionsHideUsernameAtSignIn, [Parameter()] [ValidateSet('notConfigured', 'administrators', 'administratorsAndPowerUsers', 'administratorsAndInteractiveUsers')] [System.String] $LocalSecurityOptionsInformationDisplayedOnLockScreen, [Parameter()] [ValidateSet('notConfigured', 'userDisplayNameDomainUser', 'userDisplayNameOnly', 'doNotDisplayUser')] [System.String] $LocalSecurityOptionsInformationShownOnLockScreen, [Parameter()] [System.String] $LocalSecurityOptionsLogOnMessageText, [Parameter()] [System.String] $LocalSecurityOptionsLogOnMessageTitle, [Parameter()] [System.Int32] $LocalSecurityOptionsMachineInactivityLimit, [Parameter()] [System.Int32] $LocalSecurityOptionsMachineInactivityLimitInMinutes, [Parameter()] [ValidateSet('none', 'requireNtmlV2SessionSecurity', 'require128BitEncryption', 'ntlmV2And128BitEncryption')] [System.String] $LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedClients, [Parameter()] [ValidateSet('none', 'requireNtmlV2SessionSecurity', 'require128BitEncryption', 'ntlmV2And128BitEncryption')] [System.String] $LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedServers, [Parameter()] [System.Boolean] $LocalSecurityOptionsOnlyElevateSignedExecutables, [Parameter()] [System.Boolean] $LocalSecurityOptionsRestrictAnonymousAccessToNamedPipesAndShares, [Parameter()] [ValidateSet('noAction', 'lockWorkstation', 'forceLogoff', 'disconnectRemoteDesktopSession')] [System.String] $LocalSecurityOptionsSmartCardRemovalBehavior, [Parameter()] [ValidateSet('notConfigured', 'automaticallyDenyElevationRequests', 'promptForCredentialsOnTheSecureDesktop', 'promptForCredentials')] [System.String] $LocalSecurityOptionsStandardUserElevationPromptBehavior, [Parameter()] [System.Boolean] $LocalSecurityOptionsSwitchToSecureDesktopWhenPromptingForElevation, [Parameter()] [System.Boolean] $LocalSecurityOptionsUseAdminApprovalMode, [Parameter()] [System.Boolean] $LocalSecurityOptionsUseAdminApprovalModeForAdministrators, [Parameter()] [System.Boolean] $LocalSecurityOptionsVirtualizeFileAndRegistryWriteFailuresToPerUserLocations, [Parameter()] [System.Boolean] $SmartScreenBlockOverrideForFiles, [Parameter()] [System.Boolean] $SmartScreenEnableInShell, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsAccessCredentialManagerAsTrustedCaller, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsActAsPartOfTheOperatingSystem, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsAllowAccessFromNetwork, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsBackupData, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsBlockAccessFromNetwork, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsChangeSystemTime, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsCreateGlobalObjects, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsCreatePageFile, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsCreatePermanentSharedObjects, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsCreateSymbolicLinks, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsCreateToken, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsDebugPrograms, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsDelegation, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsDenyLocalLogOn, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsGenerateSecurityAudits, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsImpersonateClient, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsIncreaseSchedulingPriority, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsLoadUnloadDrivers, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsLocalLogOn, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsLockMemory, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsManageAuditingAndSecurityLogs, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsManageVolumes, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsModifyFirmwareEnvironment, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsModifyObjectLabels, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsProfileSingleProcess, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsRemoteDesktopServicesLogOn, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsRemoteShutdown, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsRestoreData, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsTakeOwnership, [Parameter()] [ValidateSet('notConfigured', 'enable', 'disable')] [System.String] $WindowsDefenderTamperProtection, [Parameter()] [ValidateSet('manual', 'automatic', 'disabled')] [System.String] $XboxServicesAccessoryManagementServiceStartupMode, [Parameter()] [System.Boolean] $XboxServicesEnableXboxGameSaveTask, [Parameter()] [ValidateSet('manual', 'automatic', 'disabled')] [System.String] $XboxServicesLiveAuthManagerServiceStartupMode, [Parameter()] [ValidateSet('manual', 'automatic', 'disabled')] [System.String] $XboxServicesLiveGameSaveServiceStartupMode, [Parameter()] [ValidateSet('manual', 'automatic', 'disabled')] [System.String] $XboxServicesLiveNetworkingServiceStartupMode, [Parameter()] [System.String] $Description, [Parameter(Mandatory = $true)] [System.String] $DisplayName, [Parameter()] [System.Boolean] $SupportsScopeTags, [Parameter()] [System.String] $Id, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, #endregion [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] $Credential, [Parameter()] [System.String] $ApplicationId, [Parameter()] [System.String] $TenantId, [Parameter()] [System.Management.Automation.PSCredential] $ApplicationSecret, [Parameter()] [System.String] $CertificateThumbprint, [Parameter()] [Switch] $ManagedIdentity ) try { $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies #region Telemetry $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') $CommandName = $MyInvocation.MyCommand $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` -CommandName $CommandName ` -Parameters $PSBoundParameters Add-M365DSCTelemetryEvent -Data $data #endregion $nullResult = $PSBoundParameters $nullResult.Ensure = 'Absent' $getValue = $null #region resource generator code $getValue = Get-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $Id -ErrorAction SilentlyContinue if ($null -eq $getValue) { Write-Verbose -Message "Could not find an Intune Device Configuration Endpoint Protection Policy for Windows10 with Id {$Id}" if (-Not [string]::IsNullOrEmpty($DisplayName)) { $getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` -Filter "DisplayName eq '$DisplayName'" ` -ErrorAction SilentlyContinue } } #endregion if ($null -eq $getValue) { Write-Verbose -Message "Could not find an Intune Device Configuration Endpoint Protection Policy for Windows10 with DisplayName {$DisplayName}" return $nullResult } $Id = $getValue.Id Write-Verbose -Message "An Intune Device Configuration Endpoint Protection Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName} was found." #region resource generator code $complexBitLockerFixedDrivePolicy = @{} if ($null -ne $getValue.AdditionalProperties.bitLockerFixedDrivePolicy.encryptionMethod) { $complexBitLockerFixedDrivePolicy.Add('EncryptionMethod', $getValue.AdditionalProperties.bitLockerFixedDrivePolicy.encryptionMethod.toString()) } $complexRecoveryOptions = @{} $complexRecoveryOptions.Add('BlockDataRecoveryAgent', $getValue.AdditionalProperties.bitLockerFixedDrivePolicy.recoveryOptions.blockDataRecoveryAgent) $complexRecoveryOptions.Add('EnableBitLockerAfterRecoveryInformationToStore', $getValue.AdditionalProperties.bitLockerFixedDrivePolicy.recoveryOptions.enableBitLockerAfterRecoveryInformationToStore) $complexRecoveryOptions.Add('EnableRecoveryInformationSaveToStore', $getValue.AdditionalProperties.bitLockerFixedDrivePolicy.recoveryOptions.enableRecoveryInformationSaveToStore) $complexRecoveryOptions.Add('HideRecoveryOptions', $getValue.AdditionalProperties.bitLockerFixedDrivePolicy.recoveryOptions.hideRecoveryOptions) if ($null -ne $getValue.AdditionalProperties.bitLockerFixedDrivePolicy.recoveryOptions.recoveryInformationToStore) { $complexRecoveryOptions.Add('RecoveryInformationToStore', $getValue.AdditionalProperties.bitLockerFixedDrivePolicy.recoveryOptions.recoveryInformationToStore.toString()) } if ($null -ne $getValue.AdditionalProperties.bitLockerFixedDrivePolicy.recoveryOptions.recoveryKeyUsage) { $complexRecoveryOptions.Add('RecoveryKeyUsage', $getValue.AdditionalProperties.bitLockerFixedDrivePolicy.recoveryOptions.recoveryKeyUsage.toString()) } if ($null -ne $getValue.AdditionalProperties.bitLockerFixedDrivePolicy.recoveryOptions.recoveryPasswordUsage) { $complexRecoveryOptions.Add('RecoveryPasswordUsage', $getValue.AdditionalProperties.bitLockerFixedDrivePolicy.recoveryOptions.recoveryPasswordUsage.toString()) } if ($complexRecoveryOptions.values.Where({ $null -ne $_ }).count -eq 0) { $complexRecoveryOptions = $null } $complexBitLockerFixedDrivePolicy.Add('RecoveryOptions', $complexRecoveryOptions) $complexBitLockerFixedDrivePolicy.Add('RequireEncryptionForWriteAccess', $getValue.AdditionalProperties.bitLockerFixedDrivePolicy.requireEncryptionForWriteAccess) if ($complexBitLockerFixedDrivePolicy.values.Where({ $null -ne $_ }).count -eq 0) { $complexBitLockerFixedDrivePolicy = $null } $complexBitLockerRemovableDrivePolicy = @{} $complexBitLockerRemovableDrivePolicy.Add('BlockCrossOrganizationWriteAccess', $getValue.AdditionalProperties.bitLockerRemovableDrivePolicy.blockCrossOrganizationWriteAccess) if ($null -ne $getValue.AdditionalProperties.bitLockerRemovableDrivePolicy.encryptionMethod) { $complexBitLockerRemovableDrivePolicy.Add('EncryptionMethod', $getValue.AdditionalProperties.bitLockerRemovableDrivePolicy.encryptionMethod.toString()) } $complexBitLockerRemovableDrivePolicy.Add('RequireEncryptionForWriteAccess', $getValue.AdditionalProperties.bitLockerRemovableDrivePolicy.requireEncryptionForWriteAccess) if ($complexBitLockerRemovableDrivePolicy.values.Where({ $null -ne $_ }).count -eq 0) { $complexBitLockerRemovableDrivePolicy = $null } $complexBitLockerSystemDrivePolicy = @{} if ($null -ne $getValue.AdditionalProperties.bitLockerSystemDrivePolicy.encryptionMethod) { $complexBitLockerSystemDrivePolicy.Add('EncryptionMethod', $getValue.AdditionalProperties.bitLockerSystemDrivePolicy.encryptionMethod.toString()) } $complexBitLockerSystemDrivePolicy.Add('MinimumPinLength', $getValue.AdditionalProperties.bitLockerSystemDrivePolicy.minimumPinLength) $complexBitLockerSystemDrivePolicy.Add('PrebootRecoveryEnableMessageAndUrl', $getValue.AdditionalProperties.bitLockerSystemDrivePolicy.prebootRecoveryEnableMessageAndUrl) $complexBitLockerSystemDrivePolicy.Add('PrebootRecoveryMessage', $getValue.AdditionalProperties.bitLockerSystemDrivePolicy.prebootRecoveryMessage) $complexBitLockerSystemDrivePolicy.Add('PrebootRecoveryUrl', $getValue.AdditionalProperties.bitLockerSystemDrivePolicy.prebootRecoveryUrl) $complexRecoveryOptions = @{} $complexRecoveryOptions.Add('BlockDataRecoveryAgent', $getValue.AdditionalProperties.bitLockerSystemDrivePolicy.recoveryOptions.blockDataRecoveryAgent) $complexRecoveryOptions.Add('EnableBitLockerAfterRecoveryInformationToStore', $getValue.AdditionalProperties.bitLockerSystemDrivePolicy.recoveryOptions.enableBitLockerAfterRecoveryInformationToStore) $complexRecoveryOptions.Add('EnableRecoveryInformationSaveToStore', $getValue.AdditionalProperties.bitLockerSystemDrivePolicy.recoveryOptions.enableRecoveryInformationSaveToStore) $complexRecoveryOptions.Add('HideRecoveryOptions', $getValue.AdditionalProperties.bitLockerSystemDrivePolicy.recoveryOptions.hideRecoveryOptions) if ($null -ne $getValue.AdditionalProperties.bitLockerSystemDrivePolicy.recoveryOptions.recoveryInformationToStore) { $complexRecoveryOptions.Add('RecoveryInformationToStore', $getValue.AdditionalProperties.bitLockerSystemDrivePolicy.recoveryOptions.recoveryInformationToStore.toString()) } if ($null -ne $getValue.AdditionalProperties.bitLockerSystemDrivePolicy.recoveryOptions.recoveryKeyUsage) { $complexRecoveryOptions.Add('RecoveryKeyUsage', $getValue.AdditionalProperties.bitLockerSystemDrivePolicy.recoveryOptions.recoveryKeyUsage.toString()) } if ($null -ne $getValue.AdditionalProperties.bitLockerSystemDrivePolicy.recoveryOptions.recoveryPasswordUsage) { $complexRecoveryOptions.Add('RecoveryPasswordUsage', $getValue.AdditionalProperties.bitLockerSystemDrivePolicy.recoveryOptions.recoveryPasswordUsage.toString()) } if ($complexRecoveryOptions.values.Where({ $null -ne $_ }).count -eq 0) { $complexRecoveryOptions = $null } $complexBitLockerSystemDrivePolicy.Add('RecoveryOptions', $complexRecoveryOptions) $complexBitLockerSystemDrivePolicy.Add('StartupAuthenticationBlockWithoutTpmChip', $getValue.AdditionalProperties.bitLockerSystemDrivePolicy.startupAuthenticationBlockWithoutTpmChip) $complexBitLockerSystemDrivePolicy.Add('StartupAuthenticationRequired', $getValue.AdditionalProperties.bitLockerSystemDrivePolicy.startupAuthenticationRequired) if ($null -ne $getValue.AdditionalProperties.bitLockerSystemDrivePolicy.startupAuthenticationTpmKeyUsage) { $complexBitLockerSystemDrivePolicy.Add('StartupAuthenticationTpmKeyUsage', $getValue.AdditionalProperties.bitLockerSystemDrivePolicy.startupAuthenticationTpmKeyUsage.toString()) } if ($null -ne $getValue.AdditionalProperties.bitLockerSystemDrivePolicy.startupAuthenticationTpmPinAndKeyUsage) { $complexBitLockerSystemDrivePolicy.Add('StartupAuthenticationTpmPinAndKeyUsage', $getValue.AdditionalProperties.bitLockerSystemDrivePolicy.startupAuthenticationTpmPinAndKeyUsage.toString()) } if ($null -ne $getValue.AdditionalProperties.bitLockerSystemDrivePolicy.startupAuthenticationTpmPinUsage) { $complexBitLockerSystemDrivePolicy.Add('StartupAuthenticationTpmPinUsage', $getValue.AdditionalProperties.bitLockerSystemDrivePolicy.startupAuthenticationTpmPinUsage.toString()) } if ($null -ne $getValue.AdditionalProperties.bitLockerSystemDrivePolicy.startupAuthenticationTpmUsage) { $complexBitLockerSystemDrivePolicy.Add('StartupAuthenticationTpmUsage', $getValue.AdditionalProperties.bitLockerSystemDrivePolicy.startupAuthenticationTpmUsage.toString()) } if ($complexBitLockerSystemDrivePolicy.values.Where({ $null -ne $_ }).count -eq 0) { $complexBitLockerSystemDrivePolicy = $null } $complexDefenderDetectedMalwareActions = @{} if ($null -ne $getValue.AdditionalProperties.defenderDetectedMalwareActions.highSeverity) { $complexDefenderDetectedMalwareActions.Add('HighSeverity', $getValue.AdditionalProperties.defenderDetectedMalwareActions.highSeverity.toString()) } if ($null -ne $getValue.AdditionalProperties.defenderDetectedMalwareActions.lowSeverity) { $complexDefenderDetectedMalwareActions.Add('LowSeverity', $getValue.AdditionalProperties.defenderDetectedMalwareActions.lowSeverity.toString()) } if ($null -ne $getValue.AdditionalProperties.defenderDetectedMalwareActions.moderateSeverity) { $complexDefenderDetectedMalwareActions.Add('ModerateSeverity', $getValue.AdditionalProperties.defenderDetectedMalwareActions.moderateSeverity.toString()) } if ($null -ne $getValue.AdditionalProperties.defenderDetectedMalwareActions.severeSeverity) { $complexDefenderDetectedMalwareActions.Add('SevereSeverity', $getValue.AdditionalProperties.defenderDetectedMalwareActions.severeSeverity.toString()) } if ($complexDefenderDetectedMalwareActions.values.Where({ $null -ne $_ }).count -eq 0) { $complexDefenderDetectedMalwareActions = $null } $complexFirewallProfileDomain = @{} $complexFirewallProfileDomain.Add('AuthorizedApplicationRulesFromGroupPolicyMerged', $getValue.AdditionalProperties.firewallProfileDomain.authorizedApplicationRulesFromGroupPolicyMerged) $complexFirewallProfileDomain.Add('AuthorizedApplicationRulesFromGroupPolicyNotMerged', $getValue.AdditionalProperties.firewallProfileDomain.authorizedApplicationRulesFromGroupPolicyNotMerged) $complexFirewallProfileDomain.Add('ConnectionSecurityRulesFromGroupPolicyMerged', $getValue.AdditionalProperties.firewallProfileDomain.connectionSecurityRulesFromGroupPolicyMerged) $complexFirewallProfileDomain.Add('ConnectionSecurityRulesFromGroupPolicyNotMerged', $getValue.AdditionalProperties.firewallProfileDomain.connectionSecurityRulesFromGroupPolicyNotMerged) if ($null -ne $getValue.AdditionalProperties.firewallProfileDomain.firewallEnabled) { $complexFirewallProfileDomain.Add('FirewallEnabled', $getValue.AdditionalProperties.firewallProfileDomain.firewallEnabled.toString()) } $complexFirewallProfileDomain.Add('GlobalPortRulesFromGroupPolicyMerged', $getValue.AdditionalProperties.firewallProfileDomain.globalPortRulesFromGroupPolicyMerged) $complexFirewallProfileDomain.Add('GlobalPortRulesFromGroupPolicyNotMerged', $getValue.AdditionalProperties.firewallProfileDomain.globalPortRulesFromGroupPolicyNotMerged) $complexFirewallProfileDomain.Add('InboundConnectionsBlocked', $getValue.AdditionalProperties.firewallProfileDomain.inboundConnectionsBlocked) $complexFirewallProfileDomain.Add('InboundConnectionsRequired', $getValue.AdditionalProperties.firewallProfileDomain.inboundConnectionsRequired) $complexFirewallProfileDomain.Add('InboundNotificationsBlocked', $getValue.AdditionalProperties.firewallProfileDomain.inboundNotificationsBlocked) $complexFirewallProfileDomain.Add('InboundNotificationsRequired', $getValue.AdditionalProperties.firewallProfileDomain.inboundNotificationsRequired) $complexFirewallProfileDomain.Add('IncomingTrafficBlocked', $getValue.AdditionalProperties.firewallProfileDomain.incomingTrafficBlocked) $complexFirewallProfileDomain.Add('IncomingTrafficRequired', $getValue.AdditionalProperties.firewallProfileDomain.incomingTrafficRequired) $complexFirewallProfileDomain.Add('OutboundConnectionsBlocked', $getValue.AdditionalProperties.firewallProfileDomain.outboundConnectionsBlocked) $complexFirewallProfileDomain.Add('OutboundConnectionsRequired', $getValue.AdditionalProperties.firewallProfileDomain.outboundConnectionsRequired) $complexFirewallProfileDomain.Add('PolicyRulesFromGroupPolicyMerged', $getValue.AdditionalProperties.firewallProfileDomain.policyRulesFromGroupPolicyMerged) $complexFirewallProfileDomain.Add('PolicyRulesFromGroupPolicyNotMerged', $getValue.AdditionalProperties.firewallProfileDomain.policyRulesFromGroupPolicyNotMerged) $complexFirewallProfileDomain.Add('SecuredPacketExemptionAllowed', $getValue.AdditionalProperties.firewallProfileDomain.securedPacketExemptionAllowed) $complexFirewallProfileDomain.Add('SecuredPacketExemptionBlocked', $getValue.AdditionalProperties.firewallProfileDomain.securedPacketExemptionBlocked) $complexFirewallProfileDomain.Add('StealthModeBlocked', $getValue.AdditionalProperties.firewallProfileDomain.stealthModeBlocked) $complexFirewallProfileDomain.Add('StealthModeRequired', $getValue.AdditionalProperties.firewallProfileDomain.stealthModeRequired) $complexFirewallProfileDomain.Add('UnicastResponsesToMulticastBroadcastsBlocked', $getValue.AdditionalProperties.firewallProfileDomain.unicastResponsesToMulticastBroadcastsBlocked) $complexFirewallProfileDomain.Add('UnicastResponsesToMulticastBroadcastsRequired', $getValue.AdditionalProperties.firewallProfileDomain.unicastResponsesToMulticastBroadcastsRequired) if ($complexFirewallProfileDomain.values.Where({ $null -ne $_ }).count -eq 0) { $complexFirewallProfileDomain = $null } $complexFirewallProfilePrivate = @{} $complexFirewallProfilePrivate.Add('AuthorizedApplicationRulesFromGroupPolicyMerged', $getValue.AdditionalProperties.firewallProfilePrivate.authorizedApplicationRulesFromGroupPolicyMerged) $complexFirewallProfilePrivate.Add('AuthorizedApplicationRulesFromGroupPolicyNotMerged', $getValue.AdditionalProperties.firewallProfilePrivate.authorizedApplicationRulesFromGroupPolicyNotMerged) $complexFirewallProfilePrivate.Add('ConnectionSecurityRulesFromGroupPolicyMerged', $getValue.AdditionalProperties.firewallProfilePrivate.connectionSecurityRulesFromGroupPolicyMerged) $complexFirewallProfilePrivate.Add('ConnectionSecurityRulesFromGroupPolicyNotMerged', $getValue.AdditionalProperties.firewallProfilePrivate.connectionSecurityRulesFromGroupPolicyNotMerged) if ($null -ne $getValue.AdditionalProperties.firewallProfilePrivate.firewallEnabled) { $complexFirewallProfilePrivate.Add('FirewallEnabled', $getValue.AdditionalProperties.firewallProfilePrivate.firewallEnabled.toString()) } $complexFirewallProfilePrivate.Add('GlobalPortRulesFromGroupPolicyMerged', $getValue.AdditionalProperties.firewallProfilePrivate.globalPortRulesFromGroupPolicyMerged) $complexFirewallProfilePrivate.Add('GlobalPortRulesFromGroupPolicyNotMerged', $getValue.AdditionalProperties.firewallProfilePrivate.globalPortRulesFromGroupPolicyNotMerged) $complexFirewallProfilePrivate.Add('InboundConnectionsBlocked', $getValue.AdditionalProperties.firewallProfilePrivate.inboundConnectionsBlocked) $complexFirewallProfilePrivate.Add('InboundConnectionsRequired', $getValue.AdditionalProperties.firewallProfilePrivate.inboundConnectionsRequired) $complexFirewallProfilePrivate.Add('InboundNotificationsBlocked', $getValue.AdditionalProperties.firewallProfilePrivate.inboundNotificationsBlocked) $complexFirewallProfilePrivate.Add('InboundNotificationsRequired', $getValue.AdditionalProperties.firewallProfilePrivate.inboundNotificationsRequired) $complexFirewallProfilePrivate.Add('IncomingTrafficBlocked', $getValue.AdditionalProperties.firewallProfilePrivate.incomingTrafficBlocked) $complexFirewallProfilePrivate.Add('IncomingTrafficRequired', $getValue.AdditionalProperties.firewallProfilePrivate.incomingTrafficRequired) $complexFirewallProfilePrivate.Add('OutboundConnectionsBlocked', $getValue.AdditionalProperties.firewallProfilePrivate.outboundConnectionsBlocked) $complexFirewallProfilePrivate.Add('OutboundConnectionsRequired', $getValue.AdditionalProperties.firewallProfilePrivate.outboundConnectionsRequired) $complexFirewallProfilePrivate.Add('PolicyRulesFromGroupPolicyMerged', $getValue.AdditionalProperties.firewallProfilePrivate.policyRulesFromGroupPolicyMerged) $complexFirewallProfilePrivate.Add('PolicyRulesFromGroupPolicyNotMerged', $getValue.AdditionalProperties.firewallProfilePrivate.policyRulesFromGroupPolicyNotMerged) $complexFirewallProfilePrivate.Add('SecuredPacketExemptionAllowed', $getValue.AdditionalProperties.firewallProfilePrivate.securedPacketExemptionAllowed) $complexFirewallProfilePrivate.Add('SecuredPacketExemptionBlocked', $getValue.AdditionalProperties.firewallProfilePrivate.securedPacketExemptionBlocked) $complexFirewallProfilePrivate.Add('StealthModeBlocked', $getValue.AdditionalProperties.firewallProfilePrivate.stealthModeBlocked) $complexFirewallProfilePrivate.Add('StealthModeRequired', $getValue.AdditionalProperties.firewallProfilePrivate.stealthModeRequired) $complexFirewallProfilePrivate.Add('UnicastResponsesToMulticastBroadcastsBlocked', $getValue.AdditionalProperties.firewallProfilePrivate.unicastResponsesToMulticastBroadcastsBlocked) $complexFirewallProfilePrivate.Add('UnicastResponsesToMulticastBroadcastsRequired', $getValue.AdditionalProperties.firewallProfilePrivate.unicastResponsesToMulticastBroadcastsRequired) if ($complexFirewallProfilePrivate.values.Where({ $null -ne $_ }).count -eq 0) { $complexFirewallProfilePrivate = $null } $complexFirewallProfilePublic = @{} $complexFirewallProfilePublic.Add('AuthorizedApplicationRulesFromGroupPolicyMerged', $getValue.AdditionalProperties.firewallProfilePublic.authorizedApplicationRulesFromGroupPolicyMerged) $complexFirewallProfilePublic.Add('AuthorizedApplicationRulesFromGroupPolicyNotMerged', $getValue.AdditionalProperties.firewallProfilePublic.authorizedApplicationRulesFromGroupPolicyNotMerged) $complexFirewallProfilePublic.Add('ConnectionSecurityRulesFromGroupPolicyMerged', $getValue.AdditionalProperties.firewallProfilePublic.connectionSecurityRulesFromGroupPolicyMerged) $complexFirewallProfilePublic.Add('ConnectionSecurityRulesFromGroupPolicyNotMerged', $getValue.AdditionalProperties.firewallProfilePublic.connectionSecurityRulesFromGroupPolicyNotMerged) if ($null -ne $getValue.AdditionalProperties.firewallProfilePublic.firewallEnabled) { $complexFirewallProfilePublic.Add('FirewallEnabled', $getValue.AdditionalProperties.firewallProfilePublic.firewallEnabled.toString()) } $complexFirewallProfilePublic.Add('GlobalPortRulesFromGroupPolicyMerged', $getValue.AdditionalProperties.firewallProfilePublic.globalPortRulesFromGroupPolicyMerged) $complexFirewallProfilePublic.Add('GlobalPortRulesFromGroupPolicyNotMerged', $getValue.AdditionalProperties.firewallProfilePublic.globalPortRulesFromGroupPolicyNotMerged) $complexFirewallProfilePublic.Add('InboundConnectionsBlocked', $getValue.AdditionalProperties.firewallProfilePublic.inboundConnectionsBlocked) $complexFirewallProfilePublic.Add('InboundConnectionsRequired', $getValue.AdditionalProperties.firewallProfilePublic.inboundConnectionsRequired) $complexFirewallProfilePublic.Add('InboundNotificationsBlocked', $getValue.AdditionalProperties.firewallProfilePublic.inboundNotificationsBlocked) $complexFirewallProfilePublic.Add('InboundNotificationsRequired', $getValue.AdditionalProperties.firewallProfilePublic.inboundNotificationsRequired) $complexFirewallProfilePublic.Add('IncomingTrafficBlocked', $getValue.AdditionalProperties.firewallProfilePublic.incomingTrafficBlocked) $complexFirewallProfilePublic.Add('IncomingTrafficRequired', $getValue.AdditionalProperties.firewallProfilePublic.incomingTrafficRequired) $complexFirewallProfilePublic.Add('OutboundConnectionsBlocked', $getValue.AdditionalProperties.firewallProfilePublic.outboundConnectionsBlocked) $complexFirewallProfilePublic.Add('OutboundConnectionsRequired', $getValue.AdditionalProperties.firewallProfilePublic.outboundConnectionsRequired) $complexFirewallProfilePublic.Add('PolicyRulesFromGroupPolicyMerged', $getValue.AdditionalProperties.firewallProfilePublic.policyRulesFromGroupPolicyMerged) $complexFirewallProfilePublic.Add('PolicyRulesFromGroupPolicyNotMerged', $getValue.AdditionalProperties.firewallProfilePublic.policyRulesFromGroupPolicyNotMerged) $complexFirewallProfilePublic.Add('SecuredPacketExemptionAllowed', $getValue.AdditionalProperties.firewallProfilePublic.securedPacketExemptionAllowed) $complexFirewallProfilePublic.Add('SecuredPacketExemptionBlocked', $getValue.AdditionalProperties.firewallProfilePublic.securedPacketExemptionBlocked) $complexFirewallProfilePublic.Add('StealthModeBlocked', $getValue.AdditionalProperties.firewallProfilePublic.stealthModeBlocked) $complexFirewallProfilePublic.Add('StealthModeRequired', $getValue.AdditionalProperties.firewallProfilePublic.stealthModeRequired) $complexFirewallProfilePublic.Add('UnicastResponsesToMulticastBroadcastsBlocked', $getValue.AdditionalProperties.firewallProfilePublic.unicastResponsesToMulticastBroadcastsBlocked) $complexFirewallProfilePublic.Add('UnicastResponsesToMulticastBroadcastsRequired', $getValue.AdditionalProperties.firewallProfilePublic.unicastResponsesToMulticastBroadcastsRequired) if ($complexFirewallProfilePublic.values.Where({ $null -ne $_ }).count -eq 0) { $complexFirewallProfilePublic = $null } $complexFirewallRules = @() foreach ($currentfirewallRules in $getValue.AdditionalProperties.firewallRules) { $myfirewallRules = @{} if ($null -ne $currentfirewallRules.action) { $myfirewallRules.Add('Action', $currentfirewallRules.action.toString()) } $myfirewallRules.Add('Description', $currentfirewallRules.description) $myfirewallRules.Add('DisplayName', $currentfirewallRules.displayName) if ($null -ne $currentfirewallRules.edgeTraversal) { $myfirewallRules.Add('EdgeTraversal', $currentfirewallRules.edgeTraversal.toString()) } $myfirewallRules.Add('FilePath', $currentfirewallRules.filePath) if ($null -ne $currentfirewallRules.interfaceTypes) { $myfirewallRules.Add('InterfaceTypes', $currentfirewallRules.interfaceTypes.toString()) } $myfirewallRules.Add('LocalAddressRanges', $currentfirewallRules.localAddressRanges) $myfirewallRules.Add('LocalPortRanges', $currentfirewallRules.localPortRanges) $myfirewallRules.Add('LocalUserAuthorizations', $currentfirewallRules.localUserAuthorizations) $myfirewallRules.Add('PackageFamilyName', $currentfirewallRules.packageFamilyName) if ($null -ne $currentfirewallRules.profileTypes) { $myfirewallRules.Add('ProfileTypes', $currentfirewallRules.profileTypes.toString()) } $myfirewallRules.Add('Protocol', $currentfirewallRules.protocol) $myfirewallRules.Add('RemoteAddressRanges', $currentfirewallRules.remoteAddressRanges) $myfirewallRules.Add('RemotePortRanges', $currentfirewallRules.remotePortRanges) $myfirewallRules.Add('ServiceName', $currentfirewallRules.serviceName) if ($null -ne $currentfirewallRules.trafficDirection) { $myfirewallRules.Add('TrafficDirection', $currentfirewallRules.trafficDirection.toString()) } if ($myfirewallRules.values.Where({ $null -ne $_ }).count -gt 0) { $complexFirewallRules += $myfirewallRules } } $complexUserRightsAccessCredentialManagerAsTrustedCaller = @{} $complexLocalUsersOrGroups = @() foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsAccessCredentialManagerAsTrustedCaller.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } $complexUserRightsAccessCredentialManagerAsTrustedCaller.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsAccessCredentialManagerAsTrustedCaller.state) { $complexUserRightsAccessCredentialManagerAsTrustedCaller.Add('State', $getValue.AdditionalProperties.userRightsAccessCredentialManagerAsTrustedCaller.state.toString()) } if ($complexUserRightsAccessCredentialManagerAsTrustedCaller.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsAccessCredentialManagerAsTrustedCaller = $null } $complexUserRightsActAsPartOfTheOperatingSystem = @{} $complexLocalUsersOrGroups = @() foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsActAsPartOfTheOperatingSystem.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } $complexUserRightsActAsPartOfTheOperatingSystem.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsActAsPartOfTheOperatingSystem.state) { $complexUserRightsActAsPartOfTheOperatingSystem.Add('State', $getValue.AdditionalProperties.userRightsActAsPartOfTheOperatingSystem.state.toString()) } if ($complexUserRightsActAsPartOfTheOperatingSystem.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsActAsPartOfTheOperatingSystem = $null } $complexUserRightsAllowAccessFromNetwork = @{} $complexLocalUsersOrGroups = @() foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsAllowAccessFromNetwork.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } $complexUserRightsAllowAccessFromNetwork.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsAllowAccessFromNetwork.state) { $complexUserRightsAllowAccessFromNetwork.Add('State', $getValue.AdditionalProperties.userRightsAllowAccessFromNetwork.state.toString()) } if ($complexUserRightsAllowAccessFromNetwork.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsAllowAccessFromNetwork = $null } $complexUserRightsBackupData = @{} $complexLocalUsersOrGroups = @() foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsBackupData.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } $complexUserRightsBackupData.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsBackupData.state) { $complexUserRightsBackupData.Add('State', $getValue.AdditionalProperties.userRightsBackupData.state.toString()) } if ($complexUserRightsBackupData.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsBackupData = $null } $complexUserRightsBlockAccessFromNetwork = @{} $complexLocalUsersOrGroups = @() foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsBlockAccessFromNetwork.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } $complexUserRightsBlockAccessFromNetwork.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsBlockAccessFromNetwork.state) { $complexUserRightsBlockAccessFromNetwork.Add('State', $getValue.AdditionalProperties.userRightsBlockAccessFromNetwork.state.toString()) } if ($complexUserRightsBlockAccessFromNetwork.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsBlockAccessFromNetwork = $null } $complexUserRightsChangeSystemTime = @{} $complexLocalUsersOrGroups = @() foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsChangeSystemTime.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } $complexUserRightsChangeSystemTime.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsChangeSystemTime.state) { $complexUserRightsChangeSystemTime.Add('State', $getValue.AdditionalProperties.userRightsChangeSystemTime.state.toString()) } if ($complexUserRightsChangeSystemTime.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsChangeSystemTime = $null } $complexUserRightsCreateGlobalObjects = @{} $complexLocalUsersOrGroups = @() foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsCreateGlobalObjects.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } $complexUserRightsCreateGlobalObjects.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsCreateGlobalObjects.state) { $complexUserRightsCreateGlobalObjects.Add('State', $getValue.AdditionalProperties.userRightsCreateGlobalObjects.state.toString()) } if ($complexUserRightsCreateGlobalObjects.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsCreateGlobalObjects = $null } $complexUserRightsCreatePageFile = @{} $complexLocalUsersOrGroups = @() foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsCreatePageFile.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } $complexUserRightsCreatePageFile.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsCreatePageFile.state) { $complexUserRightsCreatePageFile.Add('State', $getValue.AdditionalProperties.userRightsCreatePageFile.state.toString()) } if ($complexUserRightsCreatePageFile.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsCreatePageFile = $null } $complexUserRightsCreatePermanentSharedObjects = @{} $complexLocalUsersOrGroups = @() foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsCreatePermanentSharedObjects.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } $complexUserRightsCreatePermanentSharedObjects.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsCreatePermanentSharedObjects.state) { $complexUserRightsCreatePermanentSharedObjects.Add('State', $getValue.AdditionalProperties.userRightsCreatePermanentSharedObjects.state.toString()) } if ($complexUserRightsCreatePermanentSharedObjects.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsCreatePermanentSharedObjects = $null } $complexUserRightsCreateSymbolicLinks = @{} $complexLocalUsersOrGroups = @() foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsCreateSymbolicLinks.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } $complexUserRightsCreateSymbolicLinks.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsCreateSymbolicLinks.state) { $complexUserRightsCreateSymbolicLinks.Add('State', $getValue.AdditionalProperties.userRightsCreateSymbolicLinks.state.toString()) } if ($complexUserRightsCreateSymbolicLinks.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsCreateSymbolicLinks = $null } $complexUserRightsCreateToken = @{} $complexLocalUsersOrGroups = @() foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsCreateToken.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } $complexUserRightsCreateToken.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsCreateToken.state) { $complexUserRightsCreateToken.Add('State', $getValue.AdditionalProperties.userRightsCreateToken.state.toString()) } if ($complexUserRightsCreateToken.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsCreateToken = $null } $complexUserRightsDebugPrograms = @{} $complexLocalUsersOrGroups = @() foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsDebugPrograms.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } $complexUserRightsDebugPrograms.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsDebugPrograms.state) { $complexUserRightsDebugPrograms.Add('State', $getValue.AdditionalProperties.userRightsDebugPrograms.state.toString()) } if ($complexUserRightsDebugPrograms.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsDebugPrograms = $null } $complexUserRightsDelegation = @{} $complexLocalUsersOrGroups = @() foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsDelegation.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } $complexUserRightsDelegation.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsDelegation.state) { $complexUserRightsDelegation.Add('State', $getValue.AdditionalProperties.userRightsDelegation.state.toString()) } if ($complexUserRightsDelegation.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsDelegation = $null } $complexUserRightsDenyLocalLogOn = @{} $complexLocalUsersOrGroups = @() foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsDenyLocalLogOn.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } $complexUserRightsDenyLocalLogOn.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsDenyLocalLogOn.state) { $complexUserRightsDenyLocalLogOn.Add('State', $getValue.AdditionalProperties.userRightsDenyLocalLogOn.state.toString()) } if ($complexUserRightsDenyLocalLogOn.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsDenyLocalLogOn = $null } $complexUserRightsGenerateSecurityAudits = @{} $complexLocalUsersOrGroups = @() foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsGenerateSecurityAudits.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } $complexUserRightsGenerateSecurityAudits.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsGenerateSecurityAudits.state) { $complexUserRightsGenerateSecurityAudits.Add('State', $getValue.AdditionalProperties.userRightsGenerateSecurityAudits.state.toString()) } if ($complexUserRightsGenerateSecurityAudits.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsGenerateSecurityAudits = $null } $complexUserRightsImpersonateClient = @{} $complexLocalUsersOrGroups = @() foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsImpersonateClient.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } $complexUserRightsImpersonateClient.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsImpersonateClient.state) { $complexUserRightsImpersonateClient.Add('State', $getValue.AdditionalProperties.userRightsImpersonateClient.state.toString()) } if ($complexUserRightsImpersonateClient.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsImpersonateClient = $null } $complexUserRightsIncreaseSchedulingPriority = @{} $complexLocalUsersOrGroups = @() foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsIncreaseSchedulingPriority.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } $complexUserRightsIncreaseSchedulingPriority.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsIncreaseSchedulingPriority.state) { $complexUserRightsIncreaseSchedulingPriority.Add('State', $getValue.AdditionalProperties.userRightsIncreaseSchedulingPriority.state.toString()) } if ($complexUserRightsIncreaseSchedulingPriority.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsIncreaseSchedulingPriority = $null } $complexUserRightsLoadUnloadDrivers = @{} $complexLocalUsersOrGroups = @() foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsLoadUnloadDrivers.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } $complexUserRightsLoadUnloadDrivers.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsLoadUnloadDrivers.state) { $complexUserRightsLoadUnloadDrivers.Add('State', $getValue.AdditionalProperties.userRightsLoadUnloadDrivers.state.toString()) } if ($complexUserRightsLoadUnloadDrivers.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsLoadUnloadDrivers = $null } $complexUserRightsLocalLogOn = @{} $complexLocalUsersOrGroups = @() foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsLocalLogOn.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } $complexUserRightsLocalLogOn.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsLocalLogOn.state) { $complexUserRightsLocalLogOn.Add('State', $getValue.AdditionalProperties.userRightsLocalLogOn.state.toString()) } if ($complexUserRightsLocalLogOn.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsLocalLogOn = $null } $complexUserRightsLockMemory = @{} $complexLocalUsersOrGroups = @() foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsLockMemory.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } $complexUserRightsLockMemory.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsLockMemory.state) { $complexUserRightsLockMemory.Add('State', $getValue.AdditionalProperties.userRightsLockMemory.state.toString()) } if ($complexUserRightsLockMemory.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsLockMemory = $null } $complexUserRightsManageAuditingAndSecurityLogs = @{} $complexLocalUsersOrGroups = @() foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsManageAuditingAndSecurityLogs.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } $complexUserRightsManageAuditingAndSecurityLogs.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsManageAuditingAndSecurityLogs.state) { $complexUserRightsManageAuditingAndSecurityLogs.Add('State', $getValue.AdditionalProperties.userRightsManageAuditingAndSecurityLogs.state.toString()) } if ($complexUserRightsManageAuditingAndSecurityLogs.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsManageAuditingAndSecurityLogs = $null } $complexUserRightsManageVolumes = @{} $complexLocalUsersOrGroups = @() foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsManageVolumes.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } $complexUserRightsManageVolumes.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsManageVolumes.state) { $complexUserRightsManageVolumes.Add('State', $getValue.AdditionalProperties.userRightsManageVolumes.state.toString()) } if ($complexUserRightsManageVolumes.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsManageVolumes = $null } $complexUserRightsModifyFirmwareEnvironment = @{} $complexLocalUsersOrGroups = @() foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsModifyFirmwareEnvironment.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } $complexUserRightsModifyFirmwareEnvironment.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsModifyFirmwareEnvironment.state) { $complexUserRightsModifyFirmwareEnvironment.Add('State', $getValue.AdditionalProperties.userRightsModifyFirmwareEnvironment.state.toString()) } if ($complexUserRightsModifyFirmwareEnvironment.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsModifyFirmwareEnvironment = $null } $complexUserRightsModifyObjectLabels = @{} $complexLocalUsersOrGroups = @() foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsModifyObjectLabels.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } $complexUserRightsModifyObjectLabels.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsModifyObjectLabels.state) { $complexUserRightsModifyObjectLabels.Add('State', $getValue.AdditionalProperties.userRightsModifyObjectLabels.state.toString()) } if ($complexUserRightsModifyObjectLabels.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsModifyObjectLabels = $null } $complexUserRightsProfileSingleProcess = @{} $complexLocalUsersOrGroups = @() foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsProfileSingleProcess.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } $complexUserRightsProfileSingleProcess.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsProfileSingleProcess.state) { $complexUserRightsProfileSingleProcess.Add('State', $getValue.AdditionalProperties.userRightsProfileSingleProcess.state.toString()) } if ($complexUserRightsProfileSingleProcess.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsProfileSingleProcess = $null } $complexUserRightsRemoteDesktopServicesLogOn = @{} $complexLocalUsersOrGroups = @() foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsRemoteDesktopServicesLogOn.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } $complexUserRightsRemoteDesktopServicesLogOn.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsRemoteDesktopServicesLogOn.state) { $complexUserRightsRemoteDesktopServicesLogOn.Add('State', $getValue.AdditionalProperties.userRightsRemoteDesktopServicesLogOn.state.toString()) } if ($complexUserRightsRemoteDesktopServicesLogOn.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsRemoteDesktopServicesLogOn = $null } $complexUserRightsRemoteShutdown = @{} $complexLocalUsersOrGroups = @() foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsRemoteShutdown.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } $complexUserRightsRemoteShutdown.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsRemoteShutdown.state) { $complexUserRightsRemoteShutdown.Add('State', $getValue.AdditionalProperties.userRightsRemoteShutdown.state.toString()) } if ($complexUserRightsRemoteShutdown.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsRemoteShutdown = $null } $complexUserRightsRestoreData = @{} $complexLocalUsersOrGroups = @() foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsRestoreData.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } $complexUserRightsRestoreData.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsRestoreData.state) { $complexUserRightsRestoreData.Add('State', $getValue.AdditionalProperties.userRightsRestoreData.state.toString()) } if ($complexUserRightsRestoreData.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsRestoreData = $null } $complexUserRightsTakeOwnership = @{} $complexLocalUsersOrGroups = @() foreach ($currentLocalUsersOrGroups in $getValue.AdditionalProperties.userRightsTakeOwnership.localUsersOrGroups) { $myLocalUsersOrGroups = @{} $myLocalUsersOrGroups.Add('Description', $currentLocalUsersOrGroups.description) $myLocalUsersOrGroups.Add('Name', $currentLocalUsersOrGroups.name) $myLocalUsersOrGroups.Add('SecurityIdentifier', $currentLocalUsersOrGroups.securityIdentifier) if ($myLocalUsersOrGroups.values.Where({ $null -ne $_ }).count -gt 0) { $complexLocalUsersOrGroups += $myLocalUsersOrGroups } } $complexUserRightsTakeOwnership.Add('LocalUsersOrGroups', $complexLocalUsersOrGroups) if ($null -ne $getValue.AdditionalProperties.userRightsTakeOwnership.state) { $complexUserRightsTakeOwnership.Add('State', $getValue.AdditionalProperties.userRightsTakeOwnership.state.toString()) } if ($complexUserRightsTakeOwnership.values.Where({ $null -ne $_ }).count -eq 0) { $complexUserRightsTakeOwnership = $null } #endregion #region resource generator code $enumApplicationGuardBlockClipboardSharing = $null if ($null -ne $getValue.AdditionalProperties.applicationGuardBlockClipboardSharing) { $enumApplicationGuardBlockClipboardSharing = $getValue.AdditionalProperties.applicationGuardBlockClipboardSharing.ToString() } $enumApplicationGuardBlockFileTransfer = $null if ($null -ne $getValue.AdditionalProperties.applicationGuardBlockFileTransfer) { $enumApplicationGuardBlockFileTransfer = $getValue.AdditionalProperties.applicationGuardBlockFileTransfer.ToString() } $enumApplicationGuardEnabledOptions = $null if ($null -ne $getValue.AdditionalProperties.applicationGuardEnabledOptions) { $enumApplicationGuardEnabledOptions = $getValue.AdditionalProperties.applicationGuardEnabledOptions.ToString() } $enumAppLockerApplicationControl = $null if ($null -ne $getValue.AdditionalProperties.appLockerApplicationControl) { $enumAppLockerApplicationControl = $getValue.AdditionalProperties.appLockerApplicationControl.ToString() } $enumBitLockerRecoveryPasswordRotation = $null if ($null -ne $getValue.AdditionalProperties.bitLockerRecoveryPasswordRotation) { $enumBitLockerRecoveryPasswordRotation = $getValue.AdditionalProperties.bitLockerRecoveryPasswordRotation.ToString() } $enumDefenderAdobeReaderLaunchChildProcess = $null if ($null -ne $getValue.AdditionalProperties.defenderAdobeReaderLaunchChildProcess) { $enumDefenderAdobeReaderLaunchChildProcess = $getValue.AdditionalProperties.defenderAdobeReaderLaunchChildProcess.ToString() } $enumDefenderAdvancedRansomewareProtectionType = $null if ($null -ne $getValue.AdditionalProperties.defenderAdvancedRansomewareProtectionType) { $enumDefenderAdvancedRansomewareProtectionType = $getValue.AdditionalProperties.defenderAdvancedRansomewareProtectionType.ToString() } $enumDefenderBlockPersistenceThroughWmiType = $null if ($null -ne $getValue.AdditionalProperties.defenderBlockPersistenceThroughWmiType) { $enumDefenderBlockPersistenceThroughWmiType = $getValue.AdditionalProperties.defenderBlockPersistenceThroughWmiType.ToString() } $enumDefenderCloudBlockLevel = $null if ($null -ne $getValue.AdditionalProperties.defenderCloudBlockLevel) { $enumDefenderCloudBlockLevel = $getValue.AdditionalProperties.defenderCloudBlockLevel.ToString() } $enumDefenderEmailContentExecution = $null if ($null -ne $getValue.AdditionalProperties.defenderEmailContentExecution) { $enumDefenderEmailContentExecution = $getValue.AdditionalProperties.defenderEmailContentExecution.ToString() } $enumDefenderEmailContentExecutionType = $null if ($null -ne $getValue.AdditionalProperties.defenderEmailContentExecutionType) { $enumDefenderEmailContentExecutionType = $getValue.AdditionalProperties.defenderEmailContentExecutionType.ToString() } $enumDefenderGuardMyFoldersType = $null if ($null -ne $getValue.AdditionalProperties.defenderGuardMyFoldersType) { $enumDefenderGuardMyFoldersType = $getValue.AdditionalProperties.defenderGuardMyFoldersType.ToString() } $enumDefenderNetworkProtectionType = $null if ($null -ne $getValue.AdditionalProperties.defenderNetworkProtectionType) { $enumDefenderNetworkProtectionType = $getValue.AdditionalProperties.defenderNetworkProtectionType.ToString() } $enumDefenderOfficeAppsExecutableContentCreationOrLaunch = $null if ($null -ne $getValue.AdditionalProperties.defenderOfficeAppsExecutableContentCreationOrLaunch) { $enumDefenderOfficeAppsExecutableContentCreationOrLaunch = $getValue.AdditionalProperties.defenderOfficeAppsExecutableContentCreationOrLaunch.ToString() } $enumDefenderOfficeAppsExecutableContentCreationOrLaunchType = $null if ($null -ne $getValue.AdditionalProperties.defenderOfficeAppsExecutableContentCreationOrLaunchType) { $enumDefenderOfficeAppsExecutableContentCreationOrLaunchType = $getValue.AdditionalProperties.defenderOfficeAppsExecutableContentCreationOrLaunchType.ToString() } $enumDefenderOfficeAppsLaunchChildProcess = $null if ($null -ne $getValue.AdditionalProperties.defenderOfficeAppsLaunchChildProcess) { $enumDefenderOfficeAppsLaunchChildProcess = $getValue.AdditionalProperties.defenderOfficeAppsLaunchChildProcess.ToString() } $enumDefenderOfficeAppsLaunchChildProcessType = $null if ($null -ne $getValue.AdditionalProperties.defenderOfficeAppsLaunchChildProcessType) { $enumDefenderOfficeAppsLaunchChildProcessType = $getValue.AdditionalProperties.defenderOfficeAppsLaunchChildProcessType.ToString() } $enumDefenderOfficeAppsOtherProcessInjection = $null if ($null -ne $getValue.AdditionalProperties.defenderOfficeAppsOtherProcessInjection) { $enumDefenderOfficeAppsOtherProcessInjection = $getValue.AdditionalProperties.defenderOfficeAppsOtherProcessInjection.ToString() } $enumDefenderOfficeAppsOtherProcessInjectionType = $null if ($null -ne $getValue.AdditionalProperties.defenderOfficeAppsOtherProcessInjectionType) { $enumDefenderOfficeAppsOtherProcessInjectionType = $getValue.AdditionalProperties.defenderOfficeAppsOtherProcessInjectionType.ToString() } $enumDefenderOfficeCommunicationAppsLaunchChildProcess = $null if ($null -ne $getValue.AdditionalProperties.defenderOfficeCommunicationAppsLaunchChildProcess) { $enumDefenderOfficeCommunicationAppsLaunchChildProcess = $getValue.AdditionalProperties.defenderOfficeCommunicationAppsLaunchChildProcess.ToString() } $enumDefenderOfficeMacroCodeAllowWin32Imports = $null if ($null -ne $getValue.AdditionalProperties.defenderOfficeMacroCodeAllowWin32Imports) { $enumDefenderOfficeMacroCodeAllowWin32Imports = $getValue.AdditionalProperties.defenderOfficeMacroCodeAllowWin32Imports.ToString() } $enumDefenderOfficeMacroCodeAllowWin32ImportsType = $null if ($null -ne $getValue.AdditionalProperties.defenderOfficeMacroCodeAllowWin32ImportsType) { $enumDefenderOfficeMacroCodeAllowWin32ImportsType = $getValue.AdditionalProperties.defenderOfficeMacroCodeAllowWin32ImportsType.ToString() } $enumDefenderPotentiallyUnwantedAppAction = $null if ($null -ne $getValue.AdditionalProperties.defenderPotentiallyUnwantedAppAction) { $enumDefenderPotentiallyUnwantedAppAction = $getValue.AdditionalProperties.defenderPotentiallyUnwantedAppAction.ToString() } $enumDefenderPreventCredentialStealingType = $null if ($null -ne $getValue.AdditionalProperties.defenderPreventCredentialStealingType) { $enumDefenderPreventCredentialStealingType = $getValue.AdditionalProperties.defenderPreventCredentialStealingType.ToString() } $enumDefenderProcessCreation = $null if ($null -ne $getValue.AdditionalProperties.defenderProcessCreation) { $enumDefenderProcessCreation = $getValue.AdditionalProperties.defenderProcessCreation.ToString() } $enumDefenderProcessCreationType = $null if ($null -ne $getValue.AdditionalProperties.defenderProcessCreationType) { $enumDefenderProcessCreationType = $getValue.AdditionalProperties.defenderProcessCreationType.ToString() } $enumDefenderScanDirection = $null if ($null -ne $getValue.AdditionalProperties.defenderScanDirection) { $enumDefenderScanDirection = $getValue.AdditionalProperties.defenderScanDirection.ToString() } $enumDefenderScanType = $null if ($null -ne $getValue.AdditionalProperties.defenderScanType) { $enumDefenderScanType = $getValue.AdditionalProperties.defenderScanType.ToString() } $enumDefenderScheduledScanDay = $null if ($null -ne $getValue.AdditionalProperties.defenderScheduledScanDay) { $enumDefenderScheduledScanDay = $getValue.AdditionalProperties.defenderScheduledScanDay.ToString() } $enumDefenderScriptDownloadedPayloadExecution = $null if ($null -ne $getValue.AdditionalProperties.defenderScriptDownloadedPayloadExecution) { $enumDefenderScriptDownloadedPayloadExecution = $getValue.AdditionalProperties.defenderScriptDownloadedPayloadExecution.ToString() } $enumDefenderScriptDownloadedPayloadExecutionType = $null if ($null -ne $getValue.AdditionalProperties.defenderScriptDownloadedPayloadExecutionType) { $enumDefenderScriptDownloadedPayloadExecutionType = $getValue.AdditionalProperties.defenderScriptDownloadedPayloadExecutionType.ToString() } $enumDefenderScriptObfuscatedMacroCode = $null if ($null -ne $getValue.AdditionalProperties.defenderScriptObfuscatedMacroCode) { $enumDefenderScriptObfuscatedMacroCode = $getValue.AdditionalProperties.defenderScriptObfuscatedMacroCode.ToString() } $enumDefenderScriptObfuscatedMacroCodeType = $null if ($null -ne $getValue.AdditionalProperties.defenderScriptObfuscatedMacroCodeType) { $enumDefenderScriptObfuscatedMacroCodeType = $getValue.AdditionalProperties.defenderScriptObfuscatedMacroCodeType.ToString() } $enumDefenderSecurityCenterITContactDisplay = $null if ($null -ne $getValue.AdditionalProperties.defenderSecurityCenterITContactDisplay) { $enumDefenderSecurityCenterITContactDisplay = $getValue.AdditionalProperties.defenderSecurityCenterITContactDisplay.ToString() } $enumDefenderSecurityCenterNotificationsFromApp = $null if ($null -ne $getValue.AdditionalProperties.defenderSecurityCenterNotificationsFromApp) { $enumDefenderSecurityCenterNotificationsFromApp = $getValue.AdditionalProperties.defenderSecurityCenterNotificationsFromApp.ToString() } $enumDefenderSubmitSamplesConsentType = $null if ($null -ne $getValue.AdditionalProperties.defenderSubmitSamplesConsentType) { $enumDefenderSubmitSamplesConsentType = $getValue.AdditionalProperties.defenderSubmitSamplesConsentType.ToString() } $enumDefenderUntrustedExecutable = $null if ($null -ne $getValue.AdditionalProperties.defenderUntrustedExecutable) { $enumDefenderUntrustedExecutable = $getValue.AdditionalProperties.defenderUntrustedExecutable.ToString() } $enumDefenderUntrustedExecutableType = $null if ($null -ne $getValue.AdditionalProperties.defenderUntrustedExecutableType) { $enumDefenderUntrustedExecutableType = $getValue.AdditionalProperties.defenderUntrustedExecutableType.ToString() } $enumDefenderUntrustedUSBProcess = $null if ($null -ne $getValue.AdditionalProperties.defenderUntrustedUSBProcess) { $enumDefenderUntrustedUSBProcess = $getValue.AdditionalProperties.defenderUntrustedUSBProcess.ToString() } $enumDefenderUntrustedUSBProcessType = $null if ($null -ne $getValue.AdditionalProperties.defenderUntrustedUSBProcessType) { $enumDefenderUntrustedUSBProcessType = $getValue.AdditionalProperties.defenderUntrustedUSBProcessType.ToString() } $enumDeviceGuardLaunchSystemGuard = $null if ($null -ne $getValue.AdditionalProperties.deviceGuardLaunchSystemGuard) { $enumDeviceGuardLaunchSystemGuard = $getValue.AdditionalProperties.deviceGuardLaunchSystemGuard.ToString() } $enumDeviceGuardLocalSystemAuthorityCredentialGuardSettings = $null if ($null -ne $getValue.AdditionalProperties.deviceGuardLocalSystemAuthorityCredentialGuardSettings) { $enumDeviceGuardLocalSystemAuthorityCredentialGuardSettings = $getValue.AdditionalProperties.deviceGuardLocalSystemAuthorityCredentialGuardSettings.ToString() } $enumDeviceGuardSecureBootWithDMA = $null if ($null -ne $getValue.AdditionalProperties.deviceGuardSecureBootWithDMA) { $enumDeviceGuardSecureBootWithDMA = $getValue.AdditionalProperties.deviceGuardSecureBootWithDMA.ToString() } $enumDmaGuardDeviceEnumerationPolicy = $null if ($null -ne $getValue.AdditionalProperties.dmaGuardDeviceEnumerationPolicy) { $enumDmaGuardDeviceEnumerationPolicy = $getValue.AdditionalProperties.dmaGuardDeviceEnumerationPolicy.ToString() } $enumFirewallCertificateRevocationListCheckMethod = $null if ($null -ne $getValue.AdditionalProperties.firewallCertificateRevocationListCheckMethod) { $enumFirewallCertificateRevocationListCheckMethod = $getValue.AdditionalProperties.firewallCertificateRevocationListCheckMethod.ToString() } $enumFirewallPacketQueueingMethod = $null if ($null -ne $getValue.AdditionalProperties.firewallPacketQueueingMethod) { $enumFirewallPacketQueueingMethod = $getValue.AdditionalProperties.firewallPacketQueueingMethod.ToString() } $enumFirewallPreSharedKeyEncodingMethod = $null if ($null -ne $getValue.AdditionalProperties.firewallPreSharedKeyEncodingMethod) { $enumFirewallPreSharedKeyEncodingMethod = $getValue.AdditionalProperties.firewallPreSharedKeyEncodingMethod.ToString() } $enumLanManagerAuthenticationLevel = $null if ($null -ne $getValue.AdditionalProperties.lanManagerAuthenticationLevel) { $enumLanManagerAuthenticationLevel = $getValue.AdditionalProperties.lanManagerAuthenticationLevel.ToString() } $enumLocalSecurityOptionsAdministratorElevationPromptBehavior = $null if ($null -ne $getValue.AdditionalProperties.localSecurityOptionsAdministratorElevationPromptBehavior) { $enumLocalSecurityOptionsAdministratorElevationPromptBehavior = $getValue.AdditionalProperties.localSecurityOptionsAdministratorElevationPromptBehavior.ToString() } $enumLocalSecurityOptionsFormatAndEjectOfRemovableMediaAllowedUser = $null if ($null -ne $getValue.AdditionalProperties.localSecurityOptionsFormatAndEjectOfRemovableMediaAllowedUser) { $enumLocalSecurityOptionsFormatAndEjectOfRemovableMediaAllowedUser = $getValue.AdditionalProperties.localSecurityOptionsFormatAndEjectOfRemovableMediaAllowedUser.ToString() } $enumLocalSecurityOptionsInformationDisplayedOnLockScreen = $null if ($null -ne $getValue.AdditionalProperties.localSecurityOptionsInformationDisplayedOnLockScreen) { $enumLocalSecurityOptionsInformationDisplayedOnLockScreen = $getValue.AdditionalProperties.localSecurityOptionsInformationDisplayedOnLockScreen.ToString() } $enumLocalSecurityOptionsInformationShownOnLockScreen = $null if ($null -ne $getValue.AdditionalProperties.localSecurityOptionsInformationShownOnLockScreen) { $enumLocalSecurityOptionsInformationShownOnLockScreen = $getValue.AdditionalProperties.localSecurityOptionsInformationShownOnLockScreen.ToString() } $enumLocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedClients = $null if ($null -ne $getValue.AdditionalProperties.localSecurityOptionsMinimumSessionSecurityForNtlmSspBasedClients) { $enumLocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedClients = $getValue.AdditionalProperties.localSecurityOptionsMinimumSessionSecurityForNtlmSspBasedClients.ToString() } $enumLocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedServers = $null if ($null -ne $getValue.AdditionalProperties.localSecurityOptionsMinimumSessionSecurityForNtlmSspBasedServers) { $enumLocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedServers = $getValue.AdditionalProperties.localSecurityOptionsMinimumSessionSecurityForNtlmSspBasedServers.ToString() } $enumLocalSecurityOptionsSmartCardRemovalBehavior = $null if ($null -ne $getValue.AdditionalProperties.localSecurityOptionsSmartCardRemovalBehavior) { $enumLocalSecurityOptionsSmartCardRemovalBehavior = $getValue.AdditionalProperties.localSecurityOptionsSmartCardRemovalBehavior.ToString() } $enumLocalSecurityOptionsStandardUserElevationPromptBehavior = $null if ($null -ne $getValue.AdditionalProperties.localSecurityOptionsStandardUserElevationPromptBehavior) { $enumLocalSecurityOptionsStandardUserElevationPromptBehavior = $getValue.AdditionalProperties.localSecurityOptionsStandardUserElevationPromptBehavior.ToString() } $enumWindowsDefenderTamperProtection = $null if ($null -ne $getValue.AdditionalProperties.windowsDefenderTamperProtection) { $enumWindowsDefenderTamperProtection = $getValue.AdditionalProperties.windowsDefenderTamperProtection.ToString() } $enumXboxServicesAccessoryManagementServiceStartupMode = $null if ($null -ne $getValue.AdditionalProperties.xboxServicesAccessoryManagementServiceStartupMode) { $enumXboxServicesAccessoryManagementServiceStartupMode = $getValue.AdditionalProperties.xboxServicesAccessoryManagementServiceStartupMode.ToString() } $enumXboxServicesLiveAuthManagerServiceStartupMode = $null if ($null -ne $getValue.AdditionalProperties.xboxServicesLiveAuthManagerServiceStartupMode) { $enumXboxServicesLiveAuthManagerServiceStartupMode = $getValue.AdditionalProperties.xboxServicesLiveAuthManagerServiceStartupMode.ToString() } $enumXboxServicesLiveGameSaveServiceStartupMode = $null if ($null -ne $getValue.AdditionalProperties.xboxServicesLiveGameSaveServiceStartupMode) { $enumXboxServicesLiveGameSaveServiceStartupMode = $getValue.AdditionalProperties.xboxServicesLiveGameSaveServiceStartupMode.ToString() } $enumXboxServicesLiveNetworkingServiceStartupMode = $null if ($null -ne $getValue.AdditionalProperties.xboxServicesLiveNetworkingServiceStartupMode) { $enumXboxServicesLiveNetworkingServiceStartupMode = $getValue.AdditionalProperties.xboxServicesLiveNetworkingServiceStartupMode.ToString() } #endregion #region resource generator code $timeDefenderScheduledQuickScanTime = $null if ($null -ne $getValue.AdditionalProperties.defenderScheduledQuickScanTime) { $timeDefenderScheduledQuickScanTime = ([TimeSpan]$getValue.AdditionalProperties.defenderScheduledQuickScanTime).ToString() } $timeDefenderScheduledScanTime = $null if ($null -ne $getValue.AdditionalProperties.defenderScheduledScanTime) { $timeDefenderScheduledScanTime = ([TimeSpan]$getValue.AdditionalProperties.defenderScheduledScanTime).ToString() } #endregion $results = @{ #region resource generator code ApplicationGuardAllowCameraMicrophoneRedirection = $getValue.AdditionalProperties.applicationGuardAllowCameraMicrophoneRedirection ApplicationGuardAllowFileSaveOnHost = $getValue.AdditionalProperties.applicationGuardAllowFileSaveOnHost ApplicationGuardAllowPersistence = $getValue.AdditionalProperties.applicationGuardAllowPersistence ApplicationGuardAllowPrintToLocalPrinters = $getValue.AdditionalProperties.applicationGuardAllowPrintToLocalPrinters ApplicationGuardAllowPrintToNetworkPrinters = $getValue.AdditionalProperties.applicationGuardAllowPrintToNetworkPrinters ApplicationGuardAllowPrintToPDF = $getValue.AdditionalProperties.applicationGuardAllowPrintToPDF ApplicationGuardAllowPrintToXPS = $getValue.AdditionalProperties.applicationGuardAllowPrintToXPS ApplicationGuardAllowVirtualGPU = $getValue.AdditionalProperties.applicationGuardAllowVirtualGPU ApplicationGuardBlockClipboardSharing = $enumApplicationGuardBlockClipboardSharing ApplicationGuardBlockFileTransfer = $enumApplicationGuardBlockFileTransfer ApplicationGuardBlockNonEnterpriseContent = $getValue.AdditionalProperties.applicationGuardBlockNonEnterpriseContent ApplicationGuardCertificateThumbprints = $getValue.AdditionalProperties.applicationGuardCertificateThumbprints ApplicationGuardEnabled = $getValue.AdditionalProperties.applicationGuardEnabled ApplicationGuardEnabledOptions = $enumApplicationGuardEnabledOptions ApplicationGuardForceAuditing = $getValue.AdditionalProperties.applicationGuardForceAuditing AppLockerApplicationControl = $enumAppLockerApplicationControl BitLockerAllowStandardUserEncryption = $getValue.AdditionalProperties.bitLockerAllowStandardUserEncryption BitLockerDisableWarningForOtherDiskEncryption = $getValue.AdditionalProperties.bitLockerDisableWarningForOtherDiskEncryption BitLockerEnableStorageCardEncryptionOnMobile = $getValue.AdditionalProperties.bitLockerEnableStorageCardEncryptionOnMobile BitLockerEncryptDevice = $getValue.AdditionalProperties.bitLockerEncryptDevice BitLockerFixedDrivePolicy = $complexBitLockerFixedDrivePolicy BitLockerRecoveryPasswordRotation = $enumBitLockerRecoveryPasswordRotation BitLockerRemovableDrivePolicy = $complexBitLockerRemovableDrivePolicy BitLockerSystemDrivePolicy = $complexBitLockerSystemDrivePolicy DefenderAdditionalGuardedFolders = $getValue.AdditionalProperties.defenderAdditionalGuardedFolders DefenderAdobeReaderLaunchChildProcess = $enumDefenderAdobeReaderLaunchChildProcess DefenderAdvancedRansomewareProtectionType = $enumDefenderAdvancedRansomewareProtectionType DefenderAllowBehaviorMonitoring = $getValue.AdditionalProperties.defenderAllowBehaviorMonitoring DefenderAllowCloudProtection = $getValue.AdditionalProperties.defenderAllowCloudProtection DefenderAllowEndUserAccess = $getValue.AdditionalProperties.defenderAllowEndUserAccess DefenderAllowIntrusionPreventionSystem = $getValue.AdditionalProperties.defenderAllowIntrusionPreventionSystem DefenderAllowOnAccessProtection = $getValue.AdditionalProperties.defenderAllowOnAccessProtection DefenderAllowRealTimeMonitoring = $getValue.AdditionalProperties.defenderAllowRealTimeMonitoring DefenderAllowScanArchiveFiles = $getValue.AdditionalProperties.defenderAllowScanArchiveFiles DefenderAllowScanDownloads = $getValue.AdditionalProperties.defenderAllowScanDownloads DefenderAllowScanNetworkFiles = $getValue.AdditionalProperties.defenderAllowScanNetworkFiles DefenderAllowScanRemovableDrivesDuringFullScan = $getValue.AdditionalProperties.defenderAllowScanRemovableDrivesDuringFullScan DefenderAllowScanScriptsLoadedInInternetExplorer = $getValue.AdditionalProperties.defenderAllowScanScriptsLoadedInInternetExplorer DefenderAttackSurfaceReductionExcludedPaths = $getValue.AdditionalProperties.defenderAttackSurfaceReductionExcludedPaths DefenderBlockEndUserAccess = $getValue.AdditionalProperties.defenderBlockEndUserAccess DefenderBlockPersistenceThroughWmiType = $enumDefenderBlockPersistenceThroughWmiType DefenderCheckForSignaturesBeforeRunningScan = $getValue.AdditionalProperties.defenderCheckForSignaturesBeforeRunningScan DefenderCloudBlockLevel = $enumDefenderCloudBlockLevel DefenderCloudExtendedTimeoutInSeconds = $getValue.AdditionalProperties.defenderCloudExtendedTimeoutInSeconds DefenderDaysBeforeDeletingQuarantinedMalware = $getValue.AdditionalProperties.defenderDaysBeforeDeletingQuarantinedMalware DefenderDetectedMalwareActions = $complexDefenderDetectedMalwareActions DefenderDisableBehaviorMonitoring = $getValue.AdditionalProperties.defenderDisableBehaviorMonitoring DefenderDisableCatchupFullScan = $getValue.AdditionalProperties.defenderDisableCatchupFullScan DefenderDisableCatchupQuickScan = $getValue.AdditionalProperties.defenderDisableCatchupQuickScan DefenderDisableCloudProtection = $getValue.AdditionalProperties.defenderDisableCloudProtection DefenderDisableIntrusionPreventionSystem = $getValue.AdditionalProperties.defenderDisableIntrusionPreventionSystem DefenderDisableOnAccessProtection = $getValue.AdditionalProperties.defenderDisableOnAccessProtection DefenderDisableRealTimeMonitoring = $getValue.AdditionalProperties.defenderDisableRealTimeMonitoring DefenderDisableScanArchiveFiles = $getValue.AdditionalProperties.defenderDisableScanArchiveFiles DefenderDisableScanDownloads = $getValue.AdditionalProperties.defenderDisableScanDownloads DefenderDisableScanNetworkFiles = $getValue.AdditionalProperties.defenderDisableScanNetworkFiles DefenderDisableScanRemovableDrivesDuringFullScan = $getValue.AdditionalProperties.defenderDisableScanRemovableDrivesDuringFullScan DefenderDisableScanScriptsLoadedInInternetExplorer = $getValue.AdditionalProperties.defenderDisableScanScriptsLoadedInInternetExplorer DefenderEmailContentExecution = $enumDefenderEmailContentExecution DefenderEmailContentExecutionType = $enumDefenderEmailContentExecutionType DefenderEnableLowCpuPriority = $getValue.AdditionalProperties.defenderEnableLowCpuPriority DefenderEnableScanIncomingMail = $getValue.AdditionalProperties.defenderEnableScanIncomingMail DefenderEnableScanMappedNetworkDrivesDuringFullScan = $getValue.AdditionalProperties.defenderEnableScanMappedNetworkDrivesDuringFullScan DefenderExploitProtectionXml = $getValue.AdditionalProperties.defenderExploitProtectionXml DefenderExploitProtectionXmlFileName = $getValue.AdditionalProperties.defenderExploitProtectionXmlFileName DefenderFileExtensionsToExclude = $getValue.AdditionalProperties.defenderFileExtensionsToExclude DefenderFilesAndFoldersToExclude = $getValue.AdditionalProperties.defenderFilesAndFoldersToExclude DefenderGuardedFoldersAllowedAppPaths = $getValue.AdditionalProperties.defenderGuardedFoldersAllowedAppPaths DefenderGuardMyFoldersType = $enumDefenderGuardMyFoldersType DefenderNetworkProtectionType = $enumDefenderNetworkProtectionType DefenderOfficeAppsExecutableContentCreationOrLaunch = $enumDefenderOfficeAppsExecutableContentCreationOrLaunch DefenderOfficeAppsExecutableContentCreationOrLaunchType = $enumDefenderOfficeAppsExecutableContentCreationOrLaunchType DefenderOfficeAppsLaunchChildProcess = $enumDefenderOfficeAppsLaunchChildProcess DefenderOfficeAppsLaunchChildProcessType = $enumDefenderOfficeAppsLaunchChildProcessType DefenderOfficeAppsOtherProcessInjection = $enumDefenderOfficeAppsOtherProcessInjection DefenderOfficeAppsOtherProcessInjectionType = $enumDefenderOfficeAppsOtherProcessInjectionType DefenderOfficeCommunicationAppsLaunchChildProcess = $enumDefenderOfficeCommunicationAppsLaunchChildProcess DefenderOfficeMacroCodeAllowWin32Imports = $enumDefenderOfficeMacroCodeAllowWin32Imports DefenderOfficeMacroCodeAllowWin32ImportsType = $enumDefenderOfficeMacroCodeAllowWin32ImportsType DefenderPotentiallyUnwantedAppAction = $enumDefenderPotentiallyUnwantedAppAction DefenderPreventCredentialStealingType = $enumDefenderPreventCredentialStealingType DefenderProcessCreation = $enumDefenderProcessCreation DefenderProcessCreationType = $enumDefenderProcessCreationType DefenderProcessesToExclude = $getValue.AdditionalProperties.defenderProcessesToExclude DefenderScanDirection = $enumDefenderScanDirection DefenderScanMaxCpuPercentage = $getValue.AdditionalProperties.defenderScanMaxCpuPercentage DefenderScanType = $enumDefenderScanType DefenderScheduledQuickScanTime = $timeDefenderScheduledQuickScanTime DefenderScheduledScanDay = $enumDefenderScheduledScanDay DefenderScheduledScanTime = $timeDefenderScheduledScanTime DefenderScriptDownloadedPayloadExecution = $enumDefenderScriptDownloadedPayloadExecution DefenderScriptDownloadedPayloadExecutionType = $enumDefenderScriptDownloadedPayloadExecutionType DefenderScriptObfuscatedMacroCode = $enumDefenderScriptObfuscatedMacroCode DefenderScriptObfuscatedMacroCodeType = $enumDefenderScriptObfuscatedMacroCodeType DefenderSecurityCenterBlockExploitProtectionOverride = $getValue.AdditionalProperties.defenderSecurityCenterBlockExploitProtectionOverride DefenderSecurityCenterDisableAccountUI = $getValue.AdditionalProperties.defenderSecurityCenterDisableAccountUI DefenderSecurityCenterDisableAppBrowserUI = $getValue.AdditionalProperties.defenderSecurityCenterDisableAppBrowserUI DefenderSecurityCenterDisableClearTpmUI = $getValue.AdditionalProperties.defenderSecurityCenterDisableClearTpmUI DefenderSecurityCenterDisableFamilyUI = $getValue.AdditionalProperties.defenderSecurityCenterDisableFamilyUI DefenderSecurityCenterDisableHardwareUI = $getValue.AdditionalProperties.defenderSecurityCenterDisableHardwareUI DefenderSecurityCenterDisableHealthUI = $getValue.AdditionalProperties.defenderSecurityCenterDisableHealthUI DefenderSecurityCenterDisableNetworkUI = $getValue.AdditionalProperties.defenderSecurityCenterDisableNetworkUI DefenderSecurityCenterDisableNotificationAreaUI = $getValue.AdditionalProperties.defenderSecurityCenterDisableNotificationAreaUI DefenderSecurityCenterDisableRansomwareUI = $getValue.AdditionalProperties.defenderSecurityCenterDisableRansomwareUI DefenderSecurityCenterDisableSecureBootUI = $getValue.AdditionalProperties.defenderSecurityCenterDisableSecureBootUI DefenderSecurityCenterDisableTroubleshootingUI = $getValue.AdditionalProperties.defenderSecurityCenterDisableTroubleshootingUI DefenderSecurityCenterDisableVirusUI = $getValue.AdditionalProperties.defenderSecurityCenterDisableVirusUI DefenderSecurityCenterDisableVulnerableTpmFirmwareUpdateUI = $getValue.AdditionalProperties.defenderSecurityCenterDisableVulnerableTpmFirmwareUpdateUI DefenderSecurityCenterHelpEmail = $getValue.AdditionalProperties.defenderSecurityCenterHelpEmail DefenderSecurityCenterHelpPhone = $getValue.AdditionalProperties.defenderSecurityCenterHelpPhone DefenderSecurityCenterHelpURL = $getValue.AdditionalProperties.defenderSecurityCenterHelpURL DefenderSecurityCenterITContactDisplay = $enumDefenderSecurityCenterITContactDisplay DefenderSecurityCenterNotificationsFromApp = $enumDefenderSecurityCenterNotificationsFromApp DefenderSecurityCenterOrganizationDisplayName = $getValue.AdditionalProperties.defenderSecurityCenterOrganizationDisplayName DefenderSignatureUpdateIntervalInHours = $getValue.AdditionalProperties.defenderSignatureUpdateIntervalInHours DefenderSubmitSamplesConsentType = $enumDefenderSubmitSamplesConsentType DefenderUntrustedExecutable = $enumDefenderUntrustedExecutable DefenderUntrustedExecutableType = $enumDefenderUntrustedExecutableType DefenderUntrustedUSBProcess = $enumDefenderUntrustedUSBProcess DefenderUntrustedUSBProcessType = $enumDefenderUntrustedUSBProcessType DeviceGuardEnableSecureBootWithDMA = $getValue.AdditionalProperties.deviceGuardEnableSecureBootWithDMA DeviceGuardEnableVirtualizationBasedSecurity = $getValue.AdditionalProperties.deviceGuardEnableVirtualizationBasedSecurity DeviceGuardLaunchSystemGuard = $enumDeviceGuardLaunchSystemGuard DeviceGuardLocalSystemAuthorityCredentialGuardSettings = $enumDeviceGuardLocalSystemAuthorityCredentialGuardSettings DeviceGuardSecureBootWithDMA = $enumDeviceGuardSecureBootWithDMA DmaGuardDeviceEnumerationPolicy = $enumDmaGuardDeviceEnumerationPolicy FirewallBlockStatefulFTP = $getValue.AdditionalProperties.firewallBlockStatefulFTP FirewallCertificateRevocationListCheckMethod = $enumFirewallCertificateRevocationListCheckMethod FirewallIdleTimeoutForSecurityAssociationInSeconds = $getValue.AdditionalProperties.firewallIdleTimeoutForSecurityAssociationInSeconds FirewallIPSecExemptionsAllowDHCP = $getValue.AdditionalProperties.firewallIPSecExemptionsAllowDHCP FirewallIPSecExemptionsAllowICMP = $getValue.AdditionalProperties.firewallIPSecExemptionsAllowICMP FirewallIPSecExemptionsAllowNeighborDiscovery = $getValue.AdditionalProperties.firewallIPSecExemptionsAllowNeighborDiscovery FirewallIPSecExemptionsAllowRouterDiscovery = $getValue.AdditionalProperties.firewallIPSecExemptionsAllowRouterDiscovery FirewallIPSecExemptionsNone = $getValue.AdditionalProperties.firewallIPSecExemptionsNone FirewallMergeKeyingModuleSettings = $getValue.AdditionalProperties.firewallMergeKeyingModuleSettings FirewallPacketQueueingMethod = $enumFirewallPacketQueueingMethod FirewallPreSharedKeyEncodingMethod = $enumFirewallPreSharedKeyEncodingMethod FirewallProfileDomain = $complexFirewallProfileDomain FirewallProfilePrivate = $complexFirewallProfilePrivate FirewallProfilePublic = $complexFirewallProfilePublic FirewallRules = $complexFirewallRules LanManagerAuthenticationLevel = $enumLanManagerAuthenticationLevel LanManagerWorkstationDisableInsecureGuestLogons = $getValue.AdditionalProperties.lanManagerWorkstationDisableInsecureGuestLogons LocalSecurityOptionsAdministratorAccountName = $getValue.AdditionalProperties.localSecurityOptionsAdministratorAccountName LocalSecurityOptionsAdministratorElevationPromptBehavior = $enumLocalSecurityOptionsAdministratorElevationPromptBehavior LocalSecurityOptionsAllowAnonymousEnumerationOfSAMAccountsAndShares = $getValue.AdditionalProperties.localSecurityOptionsAllowAnonymousEnumerationOfSAMAccountsAndShares LocalSecurityOptionsAllowPKU2UAuthenticationRequests = $getValue.AdditionalProperties.localSecurityOptionsAllowPKU2UAuthenticationRequests LocalSecurityOptionsAllowRemoteCallsToSecurityAccountsManager = $getValue.AdditionalProperties.localSecurityOptionsAllowRemoteCallsToSecurityAccountsManager LocalSecurityOptionsAllowRemoteCallsToSecurityAccountsManagerHelperBool = $getValue.AdditionalProperties.localSecurityOptionsAllowRemoteCallsToSecurityAccountsManagerHelperBool LocalSecurityOptionsAllowSystemToBeShutDownWithoutHavingToLogOn = $getValue.AdditionalProperties.localSecurityOptionsAllowSystemToBeShutDownWithoutHavingToLogOn LocalSecurityOptionsAllowUIAccessApplicationElevation = $getValue.AdditionalProperties.localSecurityOptionsAllowUIAccessApplicationElevation LocalSecurityOptionsAllowUIAccessApplicationsForSecureLocations = $getValue.AdditionalProperties.localSecurityOptionsAllowUIAccessApplicationsForSecureLocations LocalSecurityOptionsAllowUndockWithoutHavingToLogon = $getValue.AdditionalProperties.localSecurityOptionsAllowUndockWithoutHavingToLogon LocalSecurityOptionsBlockMicrosoftAccounts = $getValue.AdditionalProperties.localSecurityOptionsBlockMicrosoftAccounts LocalSecurityOptionsBlockRemoteLogonWithBlankPassword = $getValue.AdditionalProperties.localSecurityOptionsBlockRemoteLogonWithBlankPassword LocalSecurityOptionsBlockRemoteOpticalDriveAccess = $getValue.AdditionalProperties.localSecurityOptionsBlockRemoteOpticalDriveAccess LocalSecurityOptionsBlockUsersInstallingPrinterDrivers = $getValue.AdditionalProperties.localSecurityOptionsBlockUsersInstallingPrinterDrivers LocalSecurityOptionsClearVirtualMemoryPageFile = $getValue.AdditionalProperties.localSecurityOptionsClearVirtualMemoryPageFile LocalSecurityOptionsClientDigitallySignCommunicationsAlways = $getValue.AdditionalProperties.localSecurityOptionsClientDigitallySignCommunicationsAlways LocalSecurityOptionsClientSendUnencryptedPasswordToThirdPartySMBServers = $getValue.AdditionalProperties.localSecurityOptionsClientSendUnencryptedPasswordToThirdPartySMBServers LocalSecurityOptionsDetectApplicationInstallationsAndPromptForElevation = $getValue.AdditionalProperties.localSecurityOptionsDetectApplicationInstallationsAndPromptForElevation LocalSecurityOptionsDisableAdministratorAccount = $getValue.AdditionalProperties.localSecurityOptionsDisableAdministratorAccount LocalSecurityOptionsDisableClientDigitallySignCommunicationsIfServerAgrees = $getValue.AdditionalProperties.localSecurityOptionsDisableClientDigitallySignCommunicationsIfServerAgrees LocalSecurityOptionsDisableGuestAccount = $getValue.AdditionalProperties.localSecurityOptionsDisableGuestAccount LocalSecurityOptionsDisableServerDigitallySignCommunicationsAlways = $getValue.AdditionalProperties.localSecurityOptionsDisableServerDigitallySignCommunicationsAlways LocalSecurityOptionsDisableServerDigitallySignCommunicationsIfClientAgrees = $getValue.AdditionalProperties.localSecurityOptionsDisableServerDigitallySignCommunicationsIfClientAgrees LocalSecurityOptionsDoNotAllowAnonymousEnumerationOfSAMAccounts = $getValue.AdditionalProperties.localSecurityOptionsDoNotAllowAnonymousEnumerationOfSAMAccounts LocalSecurityOptionsDoNotRequireCtrlAltDel = $getValue.AdditionalProperties.localSecurityOptionsDoNotRequireCtrlAltDel LocalSecurityOptionsDoNotStoreLANManagerHashValueOnNextPasswordChange = $getValue.AdditionalProperties.localSecurityOptionsDoNotStoreLANManagerHashValueOnNextPasswordChange LocalSecurityOptionsFormatAndEjectOfRemovableMediaAllowedUser = $enumLocalSecurityOptionsFormatAndEjectOfRemovableMediaAllowedUser LocalSecurityOptionsGuestAccountName = $getValue.AdditionalProperties.localSecurityOptionsGuestAccountName LocalSecurityOptionsHideLastSignedInUser = $getValue.AdditionalProperties.localSecurityOptionsHideLastSignedInUser LocalSecurityOptionsHideUsernameAtSignIn = $getValue.AdditionalProperties.localSecurityOptionsHideUsernameAtSignIn LocalSecurityOptionsInformationDisplayedOnLockScreen = $enumLocalSecurityOptionsInformationDisplayedOnLockScreen LocalSecurityOptionsInformationShownOnLockScreen = $enumLocalSecurityOptionsInformationShownOnLockScreen LocalSecurityOptionsLogOnMessageText = $getValue.AdditionalProperties.localSecurityOptionsLogOnMessageText LocalSecurityOptionsLogOnMessageTitle = $getValue.AdditionalProperties.localSecurityOptionsLogOnMessageTitle LocalSecurityOptionsMachineInactivityLimit = $getValue.AdditionalProperties.localSecurityOptionsMachineInactivityLimit LocalSecurityOptionsMachineInactivityLimitInMinutes = $getValue.AdditionalProperties.localSecurityOptionsMachineInactivityLimitInMinutes LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedClients = $enumLocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedClients LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedServers = $enumLocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedServers LocalSecurityOptionsOnlyElevateSignedExecutables = $getValue.AdditionalProperties.localSecurityOptionsOnlyElevateSignedExecutables LocalSecurityOptionsRestrictAnonymousAccessToNamedPipesAndShares = $getValue.AdditionalProperties.localSecurityOptionsRestrictAnonymousAccessToNamedPipesAndShares LocalSecurityOptionsSmartCardRemovalBehavior = $enumLocalSecurityOptionsSmartCardRemovalBehavior LocalSecurityOptionsStandardUserElevationPromptBehavior = $enumLocalSecurityOptionsStandardUserElevationPromptBehavior LocalSecurityOptionsSwitchToSecureDesktopWhenPromptingForElevation = $getValue.AdditionalProperties.localSecurityOptionsSwitchToSecureDesktopWhenPromptingForElevation LocalSecurityOptionsUseAdminApprovalMode = $getValue.AdditionalProperties.localSecurityOptionsUseAdminApprovalMode LocalSecurityOptionsUseAdminApprovalModeForAdministrators = $getValue.AdditionalProperties.localSecurityOptionsUseAdminApprovalModeForAdministrators LocalSecurityOptionsVirtualizeFileAndRegistryWriteFailuresToPerUserLocations = $getValue.AdditionalProperties.localSecurityOptionsVirtualizeFileAndRegistryWriteFailuresToPerUserLocations SmartScreenBlockOverrideForFiles = $getValue.AdditionalProperties.smartScreenBlockOverrideForFiles SmartScreenEnableInShell = $getValue.AdditionalProperties.smartScreenEnableInShell UserRightsAccessCredentialManagerAsTrustedCaller = $complexUserRightsAccessCredentialManagerAsTrustedCaller UserRightsActAsPartOfTheOperatingSystem = $complexUserRightsActAsPartOfTheOperatingSystem UserRightsAllowAccessFromNetwork = $complexUserRightsAllowAccessFromNetwork UserRightsBackupData = $complexUserRightsBackupData UserRightsBlockAccessFromNetwork = $complexUserRightsBlockAccessFromNetwork UserRightsChangeSystemTime = $complexUserRightsChangeSystemTime UserRightsCreateGlobalObjects = $complexUserRightsCreateGlobalObjects UserRightsCreatePageFile = $complexUserRightsCreatePageFile UserRightsCreatePermanentSharedObjects = $complexUserRightsCreatePermanentSharedObjects UserRightsCreateSymbolicLinks = $complexUserRightsCreateSymbolicLinks UserRightsCreateToken = $complexUserRightsCreateToken UserRightsDebugPrograms = $complexUserRightsDebugPrograms UserRightsDelegation = $complexUserRightsDelegation UserRightsDenyLocalLogOn = $complexUserRightsDenyLocalLogOn UserRightsGenerateSecurityAudits = $complexUserRightsGenerateSecurityAudits UserRightsImpersonateClient = $complexUserRightsImpersonateClient UserRightsIncreaseSchedulingPriority = $complexUserRightsIncreaseSchedulingPriority UserRightsLoadUnloadDrivers = $complexUserRightsLoadUnloadDrivers UserRightsLocalLogOn = $complexUserRightsLocalLogOn UserRightsLockMemory = $complexUserRightsLockMemory UserRightsManageAuditingAndSecurityLogs = $complexUserRightsManageAuditingAndSecurityLogs UserRightsManageVolumes = $complexUserRightsManageVolumes UserRightsModifyFirmwareEnvironment = $complexUserRightsModifyFirmwareEnvironment UserRightsModifyObjectLabels = $complexUserRightsModifyObjectLabels UserRightsProfileSingleProcess = $complexUserRightsProfileSingleProcess UserRightsRemoteDesktopServicesLogOn = $complexUserRightsRemoteDesktopServicesLogOn UserRightsRemoteShutdown = $complexUserRightsRemoteShutdown UserRightsRestoreData = $complexUserRightsRestoreData UserRightsTakeOwnership = $complexUserRightsTakeOwnership WindowsDefenderTamperProtection = $enumWindowsDefenderTamperProtection XboxServicesAccessoryManagementServiceStartupMode = $enumXboxServicesAccessoryManagementServiceStartupMode XboxServicesEnableXboxGameSaveTask = $getValue.AdditionalProperties.xboxServicesEnableXboxGameSaveTask XboxServicesLiveAuthManagerServiceStartupMode = $enumXboxServicesLiveAuthManagerServiceStartupMode XboxServicesLiveGameSaveServiceStartupMode = $enumXboxServicesLiveGameSaveServiceStartupMode XboxServicesLiveNetworkingServiceStartupMode = $enumXboxServicesLiveNetworkingServiceStartupMode Description = $getValue.Description DisplayName = $getValue.DisplayName SupportsScopeTags = $getValue.SupportsScopeTags Id = $getValue.Id Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId TenantId = $TenantId ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent #endregion } $assignmentsValues = Get-MgBetaDeviceManagementDeviceConfigurationAssignment -DeviceConfigurationId $Id $assignmentResult = @() foreach ($assignmentEntry in $AssignmentsValues) { $assignmentValue = @{ dataType = $assignmentEntry.Target.AdditionalProperties.'@odata.type' deviceAndAppManagementAssignmentFilterType = $(if ($null -ne $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType) { $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterType.ToString() }) deviceAndAppManagementAssignmentFilterId = $assignmentEntry.Target.DeviceAndAppManagementAssignmentFilterId groupId = $assignmentEntry.Target.AdditionalProperties.groupId } $assignmentResult += $assignmentValue } $results.Add('Assignments', $assignmentResult) return [System.Collections.Hashtable] $results } catch { New-M365DSCLogEntry -Message 'Error retrieving data:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` -Credential $Credential return $nullResult } } function Set-TargetResource { [CmdletBinding()] param ( #region resource generator code [Parameter()] [System.Boolean] $ApplicationGuardAllowCameraMicrophoneRedirection, [Parameter()] [System.Boolean] $ApplicationGuardAllowFileSaveOnHost, [Parameter()] [System.Boolean] $ApplicationGuardAllowPersistence, [Parameter()] [System.Boolean] $ApplicationGuardAllowPrintToLocalPrinters, [Parameter()] [System.Boolean] $ApplicationGuardAllowPrintToNetworkPrinters, [Parameter()] [System.Boolean] $ApplicationGuardAllowPrintToPDF, [Parameter()] [System.Boolean] $ApplicationGuardAllowPrintToXPS, [Parameter()] [System.Boolean] $ApplicationGuardAllowVirtualGPU, [Parameter()] [ValidateSet('notConfigured', 'blockBoth', 'blockHostToContainer', 'blockContainerToHost', 'blockNone')] [System.String] $ApplicationGuardBlockClipboardSharing, [Parameter()] [ValidateSet('notConfigured', 'blockImageAndTextFile', 'blockImageFile', 'blockNone', 'blockTextFile')] [System.String] $ApplicationGuardBlockFileTransfer, [Parameter()] [System.Boolean] $ApplicationGuardBlockNonEnterpriseContent, [Parameter()] [System.String[]] $ApplicationGuardCertificateThumbprints, [Parameter()] [System.Boolean] $ApplicationGuardEnabled, [Parameter()] [ValidateSet('notConfigured', 'enabledForEdge', 'enabledForOffice', 'enabledForEdgeAndOffice')] [System.String] $ApplicationGuardEnabledOptions, [Parameter()] [System.Boolean] $ApplicationGuardForceAuditing, [Parameter()] [ValidateSet('notConfigured', 'enforceComponentsAndStoreApps', 'auditComponentsAndStoreApps', 'enforceComponentsStoreAppsAndSmartlocker', 'auditComponentsStoreAppsAndSmartlocker')] [System.String] $AppLockerApplicationControl, [Parameter()] [System.Boolean] $BitLockerAllowStandardUserEncryption, [Parameter()] [System.Boolean] $BitLockerDisableWarningForOtherDiskEncryption, [Parameter()] [System.Boolean] $BitLockerEnableStorageCardEncryptionOnMobile, [Parameter()] [System.Boolean] $BitLockerEncryptDevice, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $BitLockerFixedDrivePolicy, [Parameter()] [ValidateSet('notConfigured', 'disabled', 'enabledForAzureAd', 'enabledForAzureAdAndHybrid')] [System.String] $BitLockerRecoveryPasswordRotation, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $BitLockerRemovableDrivePolicy, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $BitLockerSystemDrivePolicy, [Parameter()] [System.String[]] $DefenderAdditionalGuardedFolders, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderAdobeReaderLaunchChildProcess, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderAdvancedRansomewareProtectionType, [Parameter()] [System.Boolean] $DefenderAllowBehaviorMonitoring, [Parameter()] [System.Boolean] $DefenderAllowCloudProtection, [Parameter()] [System.Boolean] $DefenderAllowEndUserAccess, [Parameter()] [System.Boolean] $DefenderAllowIntrusionPreventionSystem, [Parameter()] [System.Boolean] $DefenderAllowOnAccessProtection, [Parameter()] [System.Boolean] $DefenderAllowRealTimeMonitoring, [Parameter()] [System.Boolean] $DefenderAllowScanArchiveFiles, [Parameter()] [System.Boolean] $DefenderAllowScanDownloads, [Parameter()] [System.Boolean] $DefenderAllowScanNetworkFiles, [Parameter()] [System.Boolean] $DefenderAllowScanRemovableDrivesDuringFullScan, [Parameter()] [System.Boolean] $DefenderAllowScanScriptsLoadedInInternetExplorer, [Parameter()] [System.String[]] $DefenderAttackSurfaceReductionExcludedPaths, [Parameter()] [System.Boolean] $DefenderBlockEndUserAccess, [Parameter()] [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderBlockPersistenceThroughWmiType, [Parameter()] [System.Boolean] $DefenderCheckForSignaturesBeforeRunningScan, [Parameter()] [ValidateSet('notConfigured', 'high', 'highPlus', 'zeroTolerance')] [System.String] $DefenderCloudBlockLevel, [Parameter()] [System.Int32] $DefenderCloudExtendedTimeoutInSeconds, [Parameter()] [System.Int32] $DefenderDaysBeforeDeletingQuarantinedMalware, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $DefenderDetectedMalwareActions, [Parameter()] [System.Boolean] $DefenderDisableBehaviorMonitoring, [Parameter()] [System.Boolean] $DefenderDisableCatchupFullScan, [Parameter()] [System.Boolean] $DefenderDisableCatchupQuickScan, [Parameter()] [System.Boolean] $DefenderDisableCloudProtection, [Parameter()] [System.Boolean] $DefenderDisableIntrusionPreventionSystem, [Parameter()] [System.Boolean] $DefenderDisableOnAccessProtection, [Parameter()] [System.Boolean] $DefenderDisableRealTimeMonitoring, [Parameter()] [System.Boolean] $DefenderDisableScanArchiveFiles, [Parameter()] [System.Boolean] $DefenderDisableScanDownloads, [Parameter()] [System.Boolean] $DefenderDisableScanNetworkFiles, [Parameter()] [System.Boolean] $DefenderDisableScanRemovableDrivesDuringFullScan, [Parameter()] [System.Boolean] $DefenderDisableScanScriptsLoadedInInternetExplorer, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderEmailContentExecution, [Parameter()] [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderEmailContentExecutionType, [Parameter()] [System.Boolean] $DefenderEnableLowCpuPriority, [Parameter()] [System.Boolean] $DefenderEnableScanIncomingMail, [Parameter()] [System.Boolean] $DefenderEnableScanMappedNetworkDrivesDuringFullScan, [Parameter()] [System.String] $DefenderExploitProtectionXml, [Parameter()] [System.String] $DefenderExploitProtectionXmlFileName, [Parameter()] [System.String[]] $DefenderFileExtensionsToExclude, [Parameter()] [System.String[]] $DefenderFilesAndFoldersToExclude, [Parameter()] [System.String[]] $DefenderGuardedFoldersAllowedAppPaths, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'blockDiskModification', 'auditDiskModification')] [System.String] $DefenderGuardMyFoldersType, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderNetworkProtectionType, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeAppsExecutableContentCreationOrLaunch, [Parameter()] [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderOfficeAppsExecutableContentCreationOrLaunchType, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeAppsLaunchChildProcess, [Parameter()] [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderOfficeAppsLaunchChildProcessType, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeAppsOtherProcessInjection, [Parameter()] [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderOfficeAppsOtherProcessInjectionType, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeCommunicationAppsLaunchChildProcess, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeMacroCodeAllowWin32Imports, [Parameter()] [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderOfficeMacroCodeAllowWin32ImportsType, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderPotentiallyUnwantedAppAction, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderPreventCredentialStealingType, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderProcessCreation, [Parameter()] [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderProcessCreationType, [Parameter()] [System.String[]] $DefenderProcessesToExclude, [Parameter()] [ValidateSet('monitorAllFiles', 'monitorIncomingFilesOnly', 'monitorOutgoingFilesOnly')] [System.String] $DefenderScanDirection, [Parameter()] [System.Int32] $DefenderScanMaxCpuPercentage, [Parameter()] [ValidateSet('userDefined', 'disabled', 'quick', 'full')] [System.String] $DefenderScanType, [Parameter()] [System.TimeSpan] $DefenderScheduledQuickScanTime, [Parameter()] [ValidateSet('userDefined', 'everyday', 'sunday', 'monday', 'tuesday', 'wednesday', 'thursday', 'friday', 'saturday', 'noScheduledScan')] [System.String] $DefenderScheduledScanDay, [Parameter()] [System.TimeSpan] $DefenderScheduledScanTime, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderScriptDownloadedPayloadExecution, [Parameter()] [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderScriptDownloadedPayloadExecutionType, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderScriptObfuscatedMacroCode, [Parameter()] [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderScriptObfuscatedMacroCodeType, [Parameter()] [System.Boolean] $DefenderSecurityCenterBlockExploitProtectionOverride, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableAccountUI, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableAppBrowserUI, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableClearTpmUI, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableFamilyUI, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableHardwareUI, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableHealthUI, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableNetworkUI, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableNotificationAreaUI, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableRansomwareUI, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableSecureBootUI, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableTroubleshootingUI, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableVirusUI, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableVulnerableTpmFirmwareUpdateUI, [Parameter()] [System.String] $DefenderSecurityCenterHelpEmail, [Parameter()] [System.String] $DefenderSecurityCenterHelpPhone, [Parameter()] [System.String] $DefenderSecurityCenterHelpURL, [Parameter()] [ValidateSet('notConfigured', 'displayInAppAndInNotifications', 'displayOnlyInApp', 'displayOnlyInNotifications')] [System.String] $DefenderSecurityCenterITContactDisplay, [Parameter()] [ValidateSet('notConfigured', 'blockNoncriticalNotifications', 'blockAllNotifications')] [System.String] $DefenderSecurityCenterNotificationsFromApp, [Parameter()] [System.String] $DefenderSecurityCenterOrganizationDisplayName, [Parameter()] [System.Int32] $DefenderSignatureUpdateIntervalInHours, [Parameter()] [ValidateSet('sendSafeSamplesAutomatically', 'alwaysPrompt', 'neverSend', 'sendAllSamplesAutomatically')] [System.String] $DefenderSubmitSamplesConsentType, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderUntrustedExecutable, [Parameter()] [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderUntrustedExecutableType, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderUntrustedUSBProcess, [Parameter()] [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderUntrustedUSBProcessType, [Parameter()] [System.Boolean] $DeviceGuardEnableSecureBootWithDMA, [Parameter()] [System.Boolean] $DeviceGuardEnableVirtualizationBasedSecurity, [Parameter()] [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $DeviceGuardLaunchSystemGuard, [Parameter()] [ValidateSet('notConfigured', 'enableWithUEFILock', 'enableWithoutUEFILock', 'disable')] [System.String] $DeviceGuardLocalSystemAuthorityCredentialGuardSettings, [Parameter()] [ValidateSet('notConfigured', 'withoutDMA', 'withDMA')] [System.String] $DeviceGuardSecureBootWithDMA, [Parameter()] [ValidateSet('deviceDefault', 'blockAll', 'allowAll')] [System.String] $DmaGuardDeviceEnumerationPolicy, [Parameter()] [System.Boolean] $FirewallBlockStatefulFTP, [Parameter()] [ValidateSet('deviceDefault', 'none', 'attempt', 'require')] [System.String] $FirewallCertificateRevocationListCheckMethod, [Parameter()] [System.Int32] $FirewallIdleTimeoutForSecurityAssociationInSeconds, [Parameter()] [System.Boolean] $FirewallIPSecExemptionsAllowDHCP, [Parameter()] [System.Boolean] $FirewallIPSecExemptionsAllowICMP, [Parameter()] [System.Boolean] $FirewallIPSecExemptionsAllowNeighborDiscovery, [Parameter()] [System.Boolean] $FirewallIPSecExemptionsAllowRouterDiscovery, [Parameter()] [System.Boolean] $FirewallIPSecExemptionsNone, [Parameter()] [System.Boolean] $FirewallMergeKeyingModuleSettings, [Parameter()] [ValidateSet('deviceDefault', 'disabled', 'queueInbound', 'queueOutbound', 'queueBoth')] [System.String] $FirewallPacketQueueingMethod, [Parameter()] [ValidateSet('deviceDefault', 'none', 'utF8')] [System.String] $FirewallPreSharedKeyEncodingMethod, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $FirewallProfileDomain, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $FirewallProfilePrivate, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $FirewallProfilePublic, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $FirewallRules, [Parameter()] [ValidateSet('lmAndNltm', 'lmNtlmAndNtlmV2', 'lmAndNtlmOnly', 'lmAndNtlmV2', 'lmNtlmV2AndNotLm', 'lmNtlmV2AndNotLmOrNtm')] [System.String] $LanManagerAuthenticationLevel, [Parameter()] [System.Boolean] $LanManagerWorkstationDisableInsecureGuestLogons, [Parameter()] [System.String] $LocalSecurityOptionsAdministratorAccountName, [Parameter()] [ValidateSet('notConfigured', 'elevateWithoutPrompting', 'promptForCredentialsOnTheSecureDesktop', 'promptForConsentOnTheSecureDesktop', 'promptForCredentials', 'promptForConsent', 'promptForConsentForNonWindowsBinaries')] [System.String] $LocalSecurityOptionsAdministratorElevationPromptBehavior, [Parameter()] [System.Boolean] $LocalSecurityOptionsAllowAnonymousEnumerationOfSAMAccountsAndShares, [Parameter()] [System.Boolean] $LocalSecurityOptionsAllowPKU2UAuthenticationRequests, [Parameter()] [System.String] $LocalSecurityOptionsAllowRemoteCallsToSecurityAccountsManager, [Parameter()] [System.Boolean] $LocalSecurityOptionsAllowRemoteCallsToSecurityAccountsManagerHelperBool, [Parameter()] [System.Boolean] $LocalSecurityOptionsAllowSystemToBeShutDownWithoutHavingToLogOn, [Parameter()] [System.Boolean] $LocalSecurityOptionsAllowUIAccessApplicationElevation, [Parameter()] [System.Boolean] $LocalSecurityOptionsAllowUIAccessApplicationsForSecureLocations, [Parameter()] [System.Boolean] $LocalSecurityOptionsAllowUndockWithoutHavingToLogon, [Parameter()] [System.Boolean] $LocalSecurityOptionsBlockMicrosoftAccounts, [Parameter()] [System.Boolean] $LocalSecurityOptionsBlockRemoteLogonWithBlankPassword, [Parameter()] [System.Boolean] $LocalSecurityOptionsBlockRemoteOpticalDriveAccess, [Parameter()] [System.Boolean] $LocalSecurityOptionsBlockUsersInstallingPrinterDrivers, [Parameter()] [System.Boolean] $LocalSecurityOptionsClearVirtualMemoryPageFile, [Parameter()] [System.Boolean] $LocalSecurityOptionsClientDigitallySignCommunicationsAlways, [Parameter()] [System.Boolean] $LocalSecurityOptionsClientSendUnencryptedPasswordToThirdPartySMBServers, [Parameter()] [System.Boolean] $LocalSecurityOptionsDetectApplicationInstallationsAndPromptForElevation, [Parameter()] [System.Boolean] $LocalSecurityOptionsDisableAdministratorAccount, [Parameter()] [System.Boolean] $LocalSecurityOptionsDisableClientDigitallySignCommunicationsIfServerAgrees, [Parameter()] [System.Boolean] $LocalSecurityOptionsDisableGuestAccount, [Parameter()] [System.Boolean] $LocalSecurityOptionsDisableServerDigitallySignCommunicationsAlways, [Parameter()] [System.Boolean] $LocalSecurityOptionsDisableServerDigitallySignCommunicationsIfClientAgrees, [Parameter()] [System.Boolean] $LocalSecurityOptionsDoNotAllowAnonymousEnumerationOfSAMAccounts, [Parameter()] [System.Boolean] $LocalSecurityOptionsDoNotRequireCtrlAltDel, [Parameter()] [System.Boolean] $LocalSecurityOptionsDoNotStoreLANManagerHashValueOnNextPasswordChange, [Parameter()] [ValidateSet('notConfigured', 'administrators', 'administratorsAndPowerUsers', 'administratorsAndInteractiveUsers')] [System.String] $LocalSecurityOptionsFormatAndEjectOfRemovableMediaAllowedUser, [Parameter()] [System.String] $LocalSecurityOptionsGuestAccountName, [Parameter()] [System.Boolean] $LocalSecurityOptionsHideLastSignedInUser, [Parameter()] [System.Boolean] $LocalSecurityOptionsHideUsernameAtSignIn, [Parameter()] [ValidateSet('notConfigured', 'administrators', 'administratorsAndPowerUsers', 'administratorsAndInteractiveUsers')] [System.String] $LocalSecurityOptionsInformationDisplayedOnLockScreen, [Parameter()] [ValidateSet('notConfigured', 'userDisplayNameDomainUser', 'userDisplayNameOnly', 'doNotDisplayUser')] [System.String] $LocalSecurityOptionsInformationShownOnLockScreen, [Parameter()] [System.String] $LocalSecurityOptionsLogOnMessageText, [Parameter()] [System.String] $LocalSecurityOptionsLogOnMessageTitle, [Parameter()] [System.Int32] $LocalSecurityOptionsMachineInactivityLimit, [Parameter()] [System.Int32] $LocalSecurityOptionsMachineInactivityLimitInMinutes, [Parameter()] [ValidateSet('none', 'requireNtmlV2SessionSecurity', 'require128BitEncryption', 'ntlmV2And128BitEncryption')] [System.String] $LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedClients, [Parameter()] [ValidateSet('none', 'requireNtmlV2SessionSecurity', 'require128BitEncryption', 'ntlmV2And128BitEncryption')] [System.String] $LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedServers, [Parameter()] [System.Boolean] $LocalSecurityOptionsOnlyElevateSignedExecutables, [Parameter()] [System.Boolean] $LocalSecurityOptionsRestrictAnonymousAccessToNamedPipesAndShares, [Parameter()] [ValidateSet('noAction', 'lockWorkstation', 'forceLogoff', 'disconnectRemoteDesktopSession')] [System.String] $LocalSecurityOptionsSmartCardRemovalBehavior, [Parameter()] [ValidateSet('notConfigured', 'automaticallyDenyElevationRequests', 'promptForCredentialsOnTheSecureDesktop', 'promptForCredentials')] [System.String] $LocalSecurityOptionsStandardUserElevationPromptBehavior, [Parameter()] [System.Boolean] $LocalSecurityOptionsSwitchToSecureDesktopWhenPromptingForElevation, [Parameter()] [System.Boolean] $LocalSecurityOptionsUseAdminApprovalMode, [Parameter()] [System.Boolean] $LocalSecurityOptionsUseAdminApprovalModeForAdministrators, [Parameter()] [System.Boolean] $LocalSecurityOptionsVirtualizeFileAndRegistryWriteFailuresToPerUserLocations, [Parameter()] [System.Boolean] $SmartScreenBlockOverrideForFiles, [Parameter()] [System.Boolean] $SmartScreenEnableInShell, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsAccessCredentialManagerAsTrustedCaller, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsActAsPartOfTheOperatingSystem, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsAllowAccessFromNetwork, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsBackupData, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsBlockAccessFromNetwork, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsChangeSystemTime, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsCreateGlobalObjects, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsCreatePageFile, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsCreatePermanentSharedObjects, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsCreateSymbolicLinks, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsCreateToken, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsDebugPrograms, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsDelegation, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsDenyLocalLogOn, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsGenerateSecurityAudits, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsImpersonateClient, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsIncreaseSchedulingPriority, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsLoadUnloadDrivers, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsLocalLogOn, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsLockMemory, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsManageAuditingAndSecurityLogs, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsManageVolumes, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsModifyFirmwareEnvironment, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsModifyObjectLabels, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsProfileSingleProcess, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsRemoteDesktopServicesLogOn, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsRemoteShutdown, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsRestoreData, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsTakeOwnership, [Parameter()] [ValidateSet('notConfigured', 'enable', 'disable')] [System.String] $WindowsDefenderTamperProtection, [Parameter()] [ValidateSet('manual', 'automatic', 'disabled')] [System.String] $XboxServicesAccessoryManagementServiceStartupMode, [Parameter()] [System.Boolean] $XboxServicesEnableXboxGameSaveTask, [Parameter()] [ValidateSet('manual', 'automatic', 'disabled')] [System.String] $XboxServicesLiveAuthManagerServiceStartupMode, [Parameter()] [ValidateSet('manual', 'automatic', 'disabled')] [System.String] $XboxServicesLiveGameSaveServiceStartupMode, [Parameter()] [ValidateSet('manual', 'automatic', 'disabled')] [System.String] $XboxServicesLiveNetworkingServiceStartupMode, [Parameter()] [System.String] $Description, [Parameter(Mandatory = $true)] [System.String] $DisplayName, [Parameter()] [System.Boolean] $SupportsScopeTags, [Parameter()] [System.String] $Id, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, #endregion [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] $Credential, [Parameter()] [System.String] $ApplicationId, [Parameter()] [System.String] $TenantId, [Parameter()] [System.Management.Automation.PSCredential] $ApplicationSecret, [Parameter()] [System.String] $CertificateThumbprint, [Parameter()] [Switch] $ManagedIdentity ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies #region Telemetry $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') $CommandName = $MyInvocation.MyCommand $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` -CommandName $CommandName ` -Parameters $PSBoundParameters Add-M365DSCTelemetryEvent -Data $data #endregion $currentInstance = Get-TargetResource @PSBoundParameters $PSBoundParameters = Remove-M365DSCAuthenticationParameter -BoundParameters $PSBoundParameters if ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Absent') { Write-Verbose -Message "Creating an Intune Device Configuration Endpoint Protection Policy for Windows10 with DisplayName {$DisplayName}" $PSBoundParameters.Remove('Assignments') | Out-Null $CreateParameters = ([Hashtable]$PSBoundParameters).clone() $CreateParameters = Rename-M365DSCCimInstanceParameter -Properties $CreateParameters $CreateParameters.Remove('Id') | Out-Null $keys = (([Hashtable]$CreateParameters).clone()).Keys foreach ($key in $keys) { if ($null -ne $CreateParameters.$key -and $CreateParameters.$key.getType().Name -like '*cimInstance*') { $CreateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $CreateParameters.$key } } #region resource generator code $CreateParameters.Add("@odata.type", "#microsoft.graph.windows10EndpointProtectionConfiguration") $policy = New-MgBetaDeviceManagementDeviceConfiguration -BodyParameter $CreateParameters $assignmentsHash = @() foreach($assignment in $Assignments) { $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment } if ($policy.id) { Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $policy.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' } #endregion } elseif ($Ensure -eq 'Present' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Updating the Intune Device Configuration Endpoint Protection Policy for Windows10 with Id {$($currentInstance.Id)}" $PSBoundParameters.Remove('Assignments') | Out-Null $UpdateParameters = ([Hashtable]$PSBoundParameters).clone() $UpdateParameters = Rename-M365DSCCimInstanceParameter -Properties $UpdateParameters $UpdateParameters.Remove('Id') | Out-Null $keys = (([Hashtable]$UpdateParameters).clone()).Keys foreach ($key in $keys) { if ($null -ne $UpdateParameters.$key -and $UpdateParameters.$key.getType().Name -like '*cimInstance*') { $UpdateParameters.$key = Convert-M365DSCDRGComplexTypeToHashtable -ComplexObject $UpdateParameters.$key } } #region resource generator code $UpdateParameters.Add("@odata.type", "#microsoft.graph.windows10EndpointProtectionConfiguration") Update-MgBetaDeviceManagementDeviceConfiguration ` -DeviceConfigurationId $currentInstance.Id ` -BodyParameter $UpdateParameters $assignmentsHash = @() foreach ($assignment in $Assignments) { $assignmentsHash += Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $Assignment } Update-DeviceConfigurationPolicyAssignment -DeviceConfigurationPolicyId $currentInstance.id ` -Targets $assignmentsHash ` -Repository 'deviceManagement/deviceConfigurations' #endregion } elseif ($Ensure -eq 'Absent' -and $currentInstance.Ensure -eq 'Present') { Write-Verbose -Message "Removing the Intune Device Configuration Endpoint Protection Policy for Windows10 with Id {$($currentInstance.Id)}" #region resource generator code Remove-MgBetaDeviceManagementDeviceConfiguration -DeviceConfigurationId $currentInstance.Id #endregion } } function Test-TargetResource { [CmdletBinding()] [OutputType([System.Boolean])] param ( #region resource generator code [Parameter()] [System.Boolean] $ApplicationGuardAllowCameraMicrophoneRedirection, [Parameter()] [System.Boolean] $ApplicationGuardAllowFileSaveOnHost, [Parameter()] [System.Boolean] $ApplicationGuardAllowPersistence, [Parameter()] [System.Boolean] $ApplicationGuardAllowPrintToLocalPrinters, [Parameter()] [System.Boolean] $ApplicationGuardAllowPrintToNetworkPrinters, [Parameter()] [System.Boolean] $ApplicationGuardAllowPrintToPDF, [Parameter()] [System.Boolean] $ApplicationGuardAllowPrintToXPS, [Parameter()] [System.Boolean] $ApplicationGuardAllowVirtualGPU, [Parameter()] [ValidateSet('notConfigured', 'blockBoth', 'blockHostToContainer', 'blockContainerToHost', 'blockNone')] [System.String] $ApplicationGuardBlockClipboardSharing, [Parameter()] [ValidateSet('notConfigured', 'blockImageAndTextFile', 'blockImageFile', 'blockNone', 'blockTextFile')] [System.String] $ApplicationGuardBlockFileTransfer, [Parameter()] [System.Boolean] $ApplicationGuardBlockNonEnterpriseContent, [Parameter()] [System.String[]] $ApplicationGuardCertificateThumbprints, [Parameter()] [System.Boolean] $ApplicationGuardEnabled, [Parameter()] [ValidateSet('notConfigured', 'enabledForEdge', 'enabledForOffice', 'enabledForEdgeAndOffice')] [System.String] $ApplicationGuardEnabledOptions, [Parameter()] [System.Boolean] $ApplicationGuardForceAuditing, [Parameter()] [ValidateSet('notConfigured', 'enforceComponentsAndStoreApps', 'auditComponentsAndStoreApps', 'enforceComponentsStoreAppsAndSmartlocker', 'auditComponentsStoreAppsAndSmartlocker')] [System.String] $AppLockerApplicationControl, [Parameter()] [System.Boolean] $BitLockerAllowStandardUserEncryption, [Parameter()] [System.Boolean] $BitLockerDisableWarningForOtherDiskEncryption, [Parameter()] [System.Boolean] $BitLockerEnableStorageCardEncryptionOnMobile, [Parameter()] [System.Boolean] $BitLockerEncryptDevice, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $BitLockerFixedDrivePolicy, [Parameter()] [ValidateSet('notConfigured', 'disabled', 'enabledForAzureAd', 'enabledForAzureAdAndHybrid')] [System.String] $BitLockerRecoveryPasswordRotation, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $BitLockerRemovableDrivePolicy, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $BitLockerSystemDrivePolicy, [Parameter()] [System.String[]] $DefenderAdditionalGuardedFolders, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderAdobeReaderLaunchChildProcess, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderAdvancedRansomewareProtectionType, [Parameter()] [System.Boolean] $DefenderAllowBehaviorMonitoring, [Parameter()] [System.Boolean] $DefenderAllowCloudProtection, [Parameter()] [System.Boolean] $DefenderAllowEndUserAccess, [Parameter()] [System.Boolean] $DefenderAllowIntrusionPreventionSystem, [Parameter()] [System.Boolean] $DefenderAllowOnAccessProtection, [Parameter()] [System.Boolean] $DefenderAllowRealTimeMonitoring, [Parameter()] [System.Boolean] $DefenderAllowScanArchiveFiles, [Parameter()] [System.Boolean] $DefenderAllowScanDownloads, [Parameter()] [System.Boolean] $DefenderAllowScanNetworkFiles, [Parameter()] [System.Boolean] $DefenderAllowScanRemovableDrivesDuringFullScan, [Parameter()] [System.Boolean] $DefenderAllowScanScriptsLoadedInInternetExplorer, [Parameter()] [System.String[]] $DefenderAttackSurfaceReductionExcludedPaths, [Parameter()] [System.Boolean] $DefenderBlockEndUserAccess, [Parameter()] [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderBlockPersistenceThroughWmiType, [Parameter()] [System.Boolean] $DefenderCheckForSignaturesBeforeRunningScan, [Parameter()] [ValidateSet('notConfigured', 'high', 'highPlus', 'zeroTolerance')] [System.String] $DefenderCloudBlockLevel, [Parameter()] [System.Int32] $DefenderCloudExtendedTimeoutInSeconds, [Parameter()] [System.Int32] $DefenderDaysBeforeDeletingQuarantinedMalware, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $DefenderDetectedMalwareActions, [Parameter()] [System.Boolean] $DefenderDisableBehaviorMonitoring, [Parameter()] [System.Boolean] $DefenderDisableCatchupFullScan, [Parameter()] [System.Boolean] $DefenderDisableCatchupQuickScan, [Parameter()] [System.Boolean] $DefenderDisableCloudProtection, [Parameter()] [System.Boolean] $DefenderDisableIntrusionPreventionSystem, [Parameter()] [System.Boolean] $DefenderDisableOnAccessProtection, [Parameter()] [System.Boolean] $DefenderDisableRealTimeMonitoring, [Parameter()] [System.Boolean] $DefenderDisableScanArchiveFiles, [Parameter()] [System.Boolean] $DefenderDisableScanDownloads, [Parameter()] [System.Boolean] $DefenderDisableScanNetworkFiles, [Parameter()] [System.Boolean] $DefenderDisableScanRemovableDrivesDuringFullScan, [Parameter()] [System.Boolean] $DefenderDisableScanScriptsLoadedInInternetExplorer, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderEmailContentExecution, [Parameter()] [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderEmailContentExecutionType, [Parameter()] [System.Boolean] $DefenderEnableLowCpuPriority, [Parameter()] [System.Boolean] $DefenderEnableScanIncomingMail, [Parameter()] [System.Boolean] $DefenderEnableScanMappedNetworkDrivesDuringFullScan, [Parameter()] [System.String] $DefenderExploitProtectionXml, [Parameter()] [System.String] $DefenderExploitProtectionXmlFileName, [Parameter()] [System.String[]] $DefenderFileExtensionsToExclude, [Parameter()] [System.String[]] $DefenderFilesAndFoldersToExclude, [Parameter()] [System.String[]] $DefenderGuardedFoldersAllowedAppPaths, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'blockDiskModification', 'auditDiskModification')] [System.String] $DefenderGuardMyFoldersType, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderNetworkProtectionType, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeAppsExecutableContentCreationOrLaunch, [Parameter()] [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderOfficeAppsExecutableContentCreationOrLaunchType, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeAppsLaunchChildProcess, [Parameter()] [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderOfficeAppsLaunchChildProcessType, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeAppsOtherProcessInjection, [Parameter()] [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderOfficeAppsOtherProcessInjectionType, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeCommunicationAppsLaunchChildProcess, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderOfficeMacroCodeAllowWin32Imports, [Parameter()] [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderOfficeMacroCodeAllowWin32ImportsType, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderPotentiallyUnwantedAppAction, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderPreventCredentialStealingType, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderProcessCreation, [Parameter()] [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderProcessCreationType, [Parameter()] [System.String[]] $DefenderProcessesToExclude, [Parameter()] [ValidateSet('monitorAllFiles', 'monitorIncomingFilesOnly', 'monitorOutgoingFilesOnly')] [System.String] $DefenderScanDirection, [Parameter()] [System.Int32] $DefenderScanMaxCpuPercentage, [Parameter()] [ValidateSet('userDefined', 'disabled', 'quick', 'full')] [System.String] $DefenderScanType, [Parameter()] [System.TimeSpan] $DefenderScheduledQuickScanTime, [Parameter()] [ValidateSet('userDefined', 'everyday', 'sunday', 'monday', 'tuesday', 'wednesday', 'thursday', 'friday', 'saturday', 'noScheduledScan')] [System.String] $DefenderScheduledScanDay, [Parameter()] [System.TimeSpan] $DefenderScheduledScanTime, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderScriptDownloadedPayloadExecution, [Parameter()] [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderScriptDownloadedPayloadExecutionType, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderScriptObfuscatedMacroCode, [Parameter()] [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderScriptObfuscatedMacroCodeType, [Parameter()] [System.Boolean] $DefenderSecurityCenterBlockExploitProtectionOverride, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableAccountUI, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableAppBrowserUI, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableClearTpmUI, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableFamilyUI, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableHardwareUI, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableHealthUI, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableNetworkUI, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableNotificationAreaUI, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableRansomwareUI, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableSecureBootUI, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableTroubleshootingUI, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableVirusUI, [Parameter()] [System.Boolean] $DefenderSecurityCenterDisableVulnerableTpmFirmwareUpdateUI, [Parameter()] [System.String] $DefenderSecurityCenterHelpEmail, [Parameter()] [System.String] $DefenderSecurityCenterHelpPhone, [Parameter()] [System.String] $DefenderSecurityCenterHelpURL, [Parameter()] [ValidateSet('notConfigured', 'displayInAppAndInNotifications', 'displayOnlyInApp', 'displayOnlyInNotifications')] [System.String] $DefenderSecurityCenterITContactDisplay, [Parameter()] [ValidateSet('notConfigured', 'blockNoncriticalNotifications', 'blockAllNotifications')] [System.String] $DefenderSecurityCenterNotificationsFromApp, [Parameter()] [System.String] $DefenderSecurityCenterOrganizationDisplayName, [Parameter()] [System.Int32] $DefenderSignatureUpdateIntervalInHours, [Parameter()] [ValidateSet('sendSafeSamplesAutomatically', 'alwaysPrompt', 'neverSend', 'sendAllSamplesAutomatically')] [System.String] $DefenderSubmitSamplesConsentType, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderUntrustedExecutable, [Parameter()] [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderUntrustedExecutableType, [Parameter()] [ValidateSet('userDefined', 'enable', 'auditMode', 'warn', 'notConfigured')] [System.String] $DefenderUntrustedUSBProcess, [Parameter()] [ValidateSet('userDefined', 'block', 'auditMode', 'warn', 'disable')] [System.String] $DefenderUntrustedUSBProcessType, [Parameter()] [System.Boolean] $DeviceGuardEnableSecureBootWithDMA, [Parameter()] [System.Boolean] $DeviceGuardEnableVirtualizationBasedSecurity, [Parameter()] [ValidateSet('notConfigured', 'enabled', 'disabled')] [System.String] $DeviceGuardLaunchSystemGuard, [Parameter()] [ValidateSet('notConfigured', 'enableWithUEFILock', 'enableWithoutUEFILock', 'disable')] [System.String] $DeviceGuardLocalSystemAuthorityCredentialGuardSettings, [Parameter()] [ValidateSet('notConfigured', 'withoutDMA', 'withDMA')] [System.String] $DeviceGuardSecureBootWithDMA, [Parameter()] [ValidateSet('deviceDefault', 'blockAll', 'allowAll')] [System.String] $DmaGuardDeviceEnumerationPolicy, [Parameter()] [System.Boolean] $FirewallBlockStatefulFTP, [Parameter()] [ValidateSet('deviceDefault', 'none', 'attempt', 'require')] [System.String] $FirewallCertificateRevocationListCheckMethod, [Parameter()] [System.Int32] $FirewallIdleTimeoutForSecurityAssociationInSeconds, [Parameter()] [System.Boolean] $FirewallIPSecExemptionsAllowDHCP, [Parameter()] [System.Boolean] $FirewallIPSecExemptionsAllowICMP, [Parameter()] [System.Boolean] $FirewallIPSecExemptionsAllowNeighborDiscovery, [Parameter()] [System.Boolean] $FirewallIPSecExemptionsAllowRouterDiscovery, [Parameter()] [System.Boolean] $FirewallIPSecExemptionsNone, [Parameter()] [System.Boolean] $FirewallMergeKeyingModuleSettings, [Parameter()] [ValidateSet('deviceDefault', 'disabled', 'queueInbound', 'queueOutbound', 'queueBoth')] [System.String] $FirewallPacketQueueingMethod, [Parameter()] [ValidateSet('deviceDefault', 'none', 'utF8')] [System.String] $FirewallPreSharedKeyEncodingMethod, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $FirewallProfileDomain, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $FirewallProfilePrivate, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $FirewallProfilePublic, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $FirewallRules, [Parameter()] [ValidateSet('lmAndNltm', 'lmNtlmAndNtlmV2', 'lmAndNtlmOnly', 'lmAndNtlmV2', 'lmNtlmV2AndNotLm', 'lmNtlmV2AndNotLmOrNtm')] [System.String] $LanManagerAuthenticationLevel, [Parameter()] [System.Boolean] $LanManagerWorkstationDisableInsecureGuestLogons, [Parameter()] [System.String] $LocalSecurityOptionsAdministratorAccountName, [Parameter()] [ValidateSet('notConfigured', 'elevateWithoutPrompting', 'promptForCredentialsOnTheSecureDesktop', 'promptForConsentOnTheSecureDesktop', 'promptForCredentials', 'promptForConsent', 'promptForConsentForNonWindowsBinaries')] [System.String] $LocalSecurityOptionsAdministratorElevationPromptBehavior, [Parameter()] [System.Boolean] $LocalSecurityOptionsAllowAnonymousEnumerationOfSAMAccountsAndShares, [Parameter()] [System.Boolean] $LocalSecurityOptionsAllowPKU2UAuthenticationRequests, [Parameter()] [System.String] $LocalSecurityOptionsAllowRemoteCallsToSecurityAccountsManager, [Parameter()] [System.Boolean] $LocalSecurityOptionsAllowRemoteCallsToSecurityAccountsManagerHelperBool, [Parameter()] [System.Boolean] $LocalSecurityOptionsAllowSystemToBeShutDownWithoutHavingToLogOn, [Parameter()] [System.Boolean] $LocalSecurityOptionsAllowUIAccessApplicationElevation, [Parameter()] [System.Boolean] $LocalSecurityOptionsAllowUIAccessApplicationsForSecureLocations, [Parameter()] [System.Boolean] $LocalSecurityOptionsAllowUndockWithoutHavingToLogon, [Parameter()] [System.Boolean] $LocalSecurityOptionsBlockMicrosoftAccounts, [Parameter()] [System.Boolean] $LocalSecurityOptionsBlockRemoteLogonWithBlankPassword, [Parameter()] [System.Boolean] $LocalSecurityOptionsBlockRemoteOpticalDriveAccess, [Parameter()] [System.Boolean] $LocalSecurityOptionsBlockUsersInstallingPrinterDrivers, [Parameter()] [System.Boolean] $LocalSecurityOptionsClearVirtualMemoryPageFile, [Parameter()] [System.Boolean] $LocalSecurityOptionsClientDigitallySignCommunicationsAlways, [Parameter()] [System.Boolean] $LocalSecurityOptionsClientSendUnencryptedPasswordToThirdPartySMBServers, [Parameter()] [System.Boolean] $LocalSecurityOptionsDetectApplicationInstallationsAndPromptForElevation, [Parameter()] [System.Boolean] $LocalSecurityOptionsDisableAdministratorAccount, [Parameter()] [System.Boolean] $LocalSecurityOptionsDisableClientDigitallySignCommunicationsIfServerAgrees, [Parameter()] [System.Boolean] $LocalSecurityOptionsDisableGuestAccount, [Parameter()] [System.Boolean] $LocalSecurityOptionsDisableServerDigitallySignCommunicationsAlways, [Parameter()] [System.Boolean] $LocalSecurityOptionsDisableServerDigitallySignCommunicationsIfClientAgrees, [Parameter()] [System.Boolean] $LocalSecurityOptionsDoNotAllowAnonymousEnumerationOfSAMAccounts, [Parameter()] [System.Boolean] $LocalSecurityOptionsDoNotRequireCtrlAltDel, [Parameter()] [System.Boolean] $LocalSecurityOptionsDoNotStoreLANManagerHashValueOnNextPasswordChange, [Parameter()] [ValidateSet('notConfigured', 'administrators', 'administratorsAndPowerUsers', 'administratorsAndInteractiveUsers')] [System.String] $LocalSecurityOptionsFormatAndEjectOfRemovableMediaAllowedUser, [Parameter()] [System.String] $LocalSecurityOptionsGuestAccountName, [Parameter()] [System.Boolean] $LocalSecurityOptionsHideLastSignedInUser, [Parameter()] [System.Boolean] $LocalSecurityOptionsHideUsernameAtSignIn, [Parameter()] [ValidateSet('notConfigured', 'administrators', 'administratorsAndPowerUsers', 'administratorsAndInteractiveUsers')] [System.String] $LocalSecurityOptionsInformationDisplayedOnLockScreen, [Parameter()] [ValidateSet('notConfigured', 'userDisplayNameDomainUser', 'userDisplayNameOnly', 'doNotDisplayUser')] [System.String] $LocalSecurityOptionsInformationShownOnLockScreen, [Parameter()] [System.String] $LocalSecurityOptionsLogOnMessageText, [Parameter()] [System.String] $LocalSecurityOptionsLogOnMessageTitle, [Parameter()] [System.Int32] $LocalSecurityOptionsMachineInactivityLimit, [Parameter()] [System.Int32] $LocalSecurityOptionsMachineInactivityLimitInMinutes, [Parameter()] [ValidateSet('none', 'requireNtmlV2SessionSecurity', 'require128BitEncryption', 'ntlmV2And128BitEncryption')] [System.String] $LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedClients, [Parameter()] [ValidateSet('none', 'requireNtmlV2SessionSecurity', 'require128BitEncryption', 'ntlmV2And128BitEncryption')] [System.String] $LocalSecurityOptionsMinimumSessionSecurityForNtlmSspBasedServers, [Parameter()] [System.Boolean] $LocalSecurityOptionsOnlyElevateSignedExecutables, [Parameter()] [System.Boolean] $LocalSecurityOptionsRestrictAnonymousAccessToNamedPipesAndShares, [Parameter()] [ValidateSet('noAction', 'lockWorkstation', 'forceLogoff', 'disconnectRemoteDesktopSession')] [System.String] $LocalSecurityOptionsSmartCardRemovalBehavior, [Parameter()] [ValidateSet('notConfigured', 'automaticallyDenyElevationRequests', 'promptForCredentialsOnTheSecureDesktop', 'promptForCredentials')] [System.String] $LocalSecurityOptionsStandardUserElevationPromptBehavior, [Parameter()] [System.Boolean] $LocalSecurityOptionsSwitchToSecureDesktopWhenPromptingForElevation, [Parameter()] [System.Boolean] $LocalSecurityOptionsUseAdminApprovalMode, [Parameter()] [System.Boolean] $LocalSecurityOptionsUseAdminApprovalModeForAdministrators, [Parameter()] [System.Boolean] $LocalSecurityOptionsVirtualizeFileAndRegistryWriteFailuresToPerUserLocations, [Parameter()] [System.Boolean] $SmartScreenBlockOverrideForFiles, [Parameter()] [System.Boolean] $SmartScreenEnableInShell, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsAccessCredentialManagerAsTrustedCaller, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsActAsPartOfTheOperatingSystem, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsAllowAccessFromNetwork, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsBackupData, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsBlockAccessFromNetwork, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsChangeSystemTime, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsCreateGlobalObjects, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsCreatePageFile, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsCreatePermanentSharedObjects, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsCreateSymbolicLinks, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsCreateToken, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsDebugPrograms, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsDelegation, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsDenyLocalLogOn, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsGenerateSecurityAudits, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsImpersonateClient, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsIncreaseSchedulingPriority, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsLoadUnloadDrivers, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsLocalLogOn, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsLockMemory, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsManageAuditingAndSecurityLogs, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsManageVolumes, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsModifyFirmwareEnvironment, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsModifyObjectLabels, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsProfileSingleProcess, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsRemoteDesktopServicesLogOn, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsRemoteShutdown, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsRestoreData, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance] $UserRightsTakeOwnership, [Parameter()] [ValidateSet('notConfigured', 'enable', 'disable')] [System.String] $WindowsDefenderTamperProtection, [Parameter()] [ValidateSet('manual', 'automatic', 'disabled')] [System.String] $XboxServicesAccessoryManagementServiceStartupMode, [Parameter()] [System.Boolean] $XboxServicesEnableXboxGameSaveTask, [Parameter()] [ValidateSet('manual', 'automatic', 'disabled')] [System.String] $XboxServicesLiveAuthManagerServiceStartupMode, [Parameter()] [ValidateSet('manual', 'automatic', 'disabled')] [System.String] $XboxServicesLiveGameSaveServiceStartupMode, [Parameter()] [ValidateSet('manual', 'automatic', 'disabled')] [System.String] $XboxServicesLiveNetworkingServiceStartupMode, [Parameter()] [System.String] $Description, [Parameter(Mandatory = $true)] [System.String] $DisplayName, [Parameter()] [System.Boolean] $SupportsScopeTags, [Parameter()] [System.String] $Id, [Parameter()] [Microsoft.Management.Infrastructure.CimInstance[]] $Assignments, #endregion [Parameter()] [System.String] [ValidateSet('Absent', 'Present')] $Ensure = 'Present', [Parameter()] [System.Management.Automation.PSCredential] $Credential, [Parameter()] [System.String] $ApplicationId, [Parameter()] [System.String] $TenantId, [Parameter()] [System.Management.Automation.PSCredential] $ApplicationSecret, [Parameter()] [System.String] $CertificateThumbprint, [Parameter()] [Switch] $ManagedIdentity ) #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies #region Telemetry $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') $CommandName = $MyInvocation.MyCommand $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` -CommandName $CommandName ` -Parameters $PSBoundParameters Add-M365DSCTelemetryEvent -Data $data #endregion Write-Verbose -Message "Testing configuration of the Intune Device Configuration Endpoint Protection Policy for Windows10 with Id {$Id} and DisplayName {$DisplayName}" $CurrentValues = Get-TargetResource @PSBoundParameters $ValuesToCheck = ([Hashtable]$PSBoundParameters).clone() $ValuesToCheck = Remove-M365DSCAuthenticationParameter -BoundParameters $ValuesToCheck $ValuesToCheck.Remove('Id') | Out-Null if ($CurrentValues.Ensure -ne $PSBoundParameters.Ensure) { Write-Verbose -Message "Test-TargetResource returned $false" return $false } $testResult = $true #Compare Cim instances foreach ($key in $PSBoundParameters.Keys) { $source = $PSBoundParameters.$key $target = $CurrentValues.$key if ($source.getType().Name -like '*CimInstance*') { $source = Get-M365DSCDRGComplexTypeToHashtable -ComplexObject $source $testResult = Compare-M365DSCComplexObject ` -Source ($source) ` -Target ($target) if (-Not $testResult) { $testResult = $false break } $ValuesToCheck.Remove($key) | Out-Null } } Write-Verbose -Message "Current Values: $(Convert-M365DscHashtableToString -Hashtable $CurrentValues)" Write-Verbose -Message "Target Values: $(Convert-M365DscHashtableToString -Hashtable $ValuesToCheck)" if ($testResult) { $testResult = Test-M365DSCParameterState -CurrentValues $CurrentValues ` -Source $($MyInvocation.MyCommand.Source) ` -DesiredValues $PSBoundParameters ` -ValuesToCheck $ValuesToCheck.Keys } Write-Verbose -Message "Test-TargetResource returned $testResult" return $testResult } function Export-TargetResource { [CmdletBinding()] [OutputType([System.String])] param ( [Parameter()] [System.Management.Automation.PSCredential] $Credential, [Parameter()] [System.String] $ApplicationId, [Parameter()] [System.String] $TenantId, [Parameter()] [System.Management.Automation.PSCredential] $ApplicationSecret, [Parameter()] [System.String] $CertificateThumbprint, [Parameter()] [Switch] $ManagedIdentity ) $ConnectionMode = New-M365DSCConnection -Workload 'MicrosoftGraph' ` -InboundParameters $PSBoundParameters #Ensure the proper dependencies are installed in the current environment. Confirm-M365DSCDependencies #region Telemetry $ResourceName = $MyInvocation.MyCommand.ModuleName.Replace('MSFT_', '') $CommandName = $MyInvocation.MyCommand $data = Format-M365DSCTelemetryParameters -ResourceName $ResourceName ` -CommandName $CommandName ` -Parameters $PSBoundParameters Add-M365DSCTelemetryEvent -Data $data #endregion try { #region resource generator code [array]$getValue = Get-MgBetaDeviceManagementDeviceConfiguration ` -All ` -ErrorAction Stop | Where-Object ` -FilterScript { ` $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.windows10EndpointProtectionConfiguration' ` } #endregion $i = 1 $dscContent = '' if ($getValue.Length -eq 0) { Write-Host $Global:M365DSCEmojiGreenCheckMark } else { Write-Host "`r`n" -NoNewline } foreach ($config in $getValue) { $displayedKey = $config.Id if (-not [String]::IsNullOrEmpty($config.displayName)) { $displayedKey = $config.displayName } Write-Host " |---[$i/$($getValue.Count)] $displayedKey" -NoNewline $params = @{ Id = $config.Id DisplayName = $config.displayName Ensure = 'Present' Credential = $Credential ApplicationId = $ApplicationId TenantId = $TenantId ApplicationSecret = $ApplicationSecret CertificateThumbprint = $CertificateThumbprint Managedidentity = $ManagedIdentity.IsPresent } $Results = Get-TargetResource @Params $Results = Update-M365DSCExportAuthenticationResults -ConnectionMode $ConnectionMode ` -Results $Results if ( $null -ne $Results.BitLockerFixedDrivePolicy) { $complexMapping = @( @{ Name = 'BitLockerFixedDrivePolicy' CimInstanceName = 'MicrosoftGraphBitLockerFixedDrivePolicy' IsRequired = $False } @{ Name = 'RecoveryOptions' CimInstanceName = 'MicrosoftGraphBitLockerRecoveryOptions' IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.BitLockerFixedDrivePolicy ` -CIMInstanceName 'MicrosoftGraphbitLockerFixedDrivePolicy' ` -ComplexTypeMapping $complexMapping if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.BitLockerFixedDrivePolicy = $complexTypeStringResult } else { $Results.Remove('BitLockerFixedDrivePolicy') | Out-Null } } if ( $null -ne $Results.BitLockerRemovableDrivePolicy) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.BitLockerRemovableDrivePolicy ` -CIMInstanceName 'MicrosoftGraphbitLockerRemovableDrivePolicy' if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.BitLockerRemovableDrivePolicy = $complexTypeStringResult } else { $Results.Remove('BitLockerRemovableDrivePolicy') | Out-Null } } if ( $null -ne $Results.BitLockerSystemDrivePolicy) { $complexMapping = @( @{ Name = 'BitLockerSystemDrivePolicy' CimInstanceName = 'MicrosoftGraphBitLockerSystemDrivePolicy' IsRequired = $False } @{ Name = 'RecoveryOptions' CimInstanceName = 'MicrosoftGraphBitLockerRecoveryOptions' IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.BitLockerSystemDrivePolicy ` -CIMInstanceName 'MicrosoftGraphbitLockerSystemDrivePolicy' ` -ComplexTypeMapping $complexMapping if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.BitLockerSystemDrivePolicy = $complexTypeStringResult } else { $Results.Remove('BitLockerSystemDrivePolicy') | Out-Null } } if ( $null -ne $Results.DefenderDetectedMalwareActions) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.DefenderDetectedMalwareActions ` -CIMInstanceName 'MicrosoftGraphdefenderDetectedMalwareActions' if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.DefenderDetectedMalwareActions = $complexTypeStringResult } else { $Results.Remove('DefenderDetectedMalwareActions') | Out-Null } } if ( $null -ne $Results.FirewallProfileDomain) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.FirewallProfileDomain ` -CIMInstanceName 'MicrosoftGraphwindowsFirewallNetworkProfile' if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.FirewallProfileDomain = $complexTypeStringResult } else { $Results.Remove('FirewallProfileDomain') | Out-Null } } if ( $null -ne $Results.FirewallProfilePrivate) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.FirewallProfilePrivate ` -CIMInstanceName 'MicrosoftGraphwindowsFirewallNetworkProfile' if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.FirewallProfilePrivate = $complexTypeStringResult } else { $Results.Remove('FirewallProfilePrivate') | Out-Null } } if ( $null -ne $Results.FirewallProfilePublic) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.FirewallProfilePublic ` -CIMInstanceName 'MicrosoftGraphwindowsFirewallNetworkProfile' if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.FirewallProfilePublic = $complexTypeStringResult } else { $Results.Remove('FirewallProfilePublic') | Out-Null } } if ( $null -ne $Results.FirewallRules) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.FirewallRules ` -CIMInstanceName 'MicrosoftGraphwindowsFirewallRule' if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.FirewallRules = $complexTypeStringResult } else { $Results.Remove('FirewallRules') | Out-Null } } if ( $null -ne $Results.UserRightsAccessCredentialManagerAsTrustedCaller) { $complexMapping = @( @{ Name = 'UserRightsAccessCredentialManagerAsTrustedCaller' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' IsRequired = $False } @{ Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.UserRightsAccessCredentialManagerAsTrustedCaller ` -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsAccessCredentialManagerAsTrustedCaller = $complexTypeStringResult } else { $Results.Remove('UserRightsAccessCredentialManagerAsTrustedCaller') | Out-Null } } if ( $null -ne $Results.UserRightsActAsPartOfTheOperatingSystem) { $complexMapping = @( @{ Name = 'UserRightsActAsPartOfTheOperatingSystem' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' IsRequired = $False } @{ Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.UserRightsActAsPartOfTheOperatingSystem ` -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsActAsPartOfTheOperatingSystem = $complexTypeStringResult } else { $Results.Remove('UserRightsActAsPartOfTheOperatingSystem') | Out-Null } } if ( $null -ne $Results.UserRightsAllowAccessFromNetwork) { $complexMapping = @( @{ Name = 'UserRightsAllowAccessFromNetwork' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' IsRequired = $False } @{ Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.UserRightsAllowAccessFromNetwork ` -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsAllowAccessFromNetwork = $complexTypeStringResult } else { $Results.Remove('UserRightsAllowAccessFromNetwork') | Out-Null } } if ( $null -ne $Results.UserRightsBackupData) { $complexMapping = @( @{ Name = 'UserRightsBackupData' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' IsRequired = $False } @{ Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.UserRightsBackupData ` -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsBackupData = $complexTypeStringResult } else { $Results.Remove('UserRightsBackupData') | Out-Null } } if ( $null -ne $Results.UserRightsBlockAccessFromNetwork) { $complexMapping = @( @{ Name = 'UserRightsBlockAccessFromNetwork' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' IsRequired = $False } @{ Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.UserRightsBlockAccessFromNetwork ` -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsBlockAccessFromNetwork = $complexTypeStringResult } else { $Results.Remove('UserRightsBlockAccessFromNetwork') | Out-Null } } if ( $null -ne $Results.UserRightsChangeSystemTime) { $complexMapping = @( @{ Name = 'UserRightsChangeSystemTime' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' IsRequired = $False } @{ Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.UserRightsChangeSystemTime ` -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsChangeSystemTime = $complexTypeStringResult } else { $Results.Remove('UserRightsChangeSystemTime') | Out-Null } } if ( $null -ne $Results.UserRightsCreateGlobalObjects) { $complexMapping = @( @{ Name = 'UserRightsCreateGlobalObjects' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' IsRequired = $False } @{ Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.UserRightsCreateGlobalObjects ` -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsCreateGlobalObjects = $complexTypeStringResult } else { $Results.Remove('UserRightsCreateGlobalObjects') | Out-Null } } if ( $null -ne $Results.UserRightsCreatePageFile) { $complexMapping = @( @{ Name = 'UserRightsCreatePageFile' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' IsRequired = $False } @{ Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.UserRightsCreatePageFile ` -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsCreatePageFile = $complexTypeStringResult } else { $Results.Remove('UserRightsCreatePageFile') | Out-Null } } if ( $null -ne $Results.UserRightsCreatePermanentSharedObjects) { $complexMapping = @( @{ Name = 'UserRightsCreatePermanentSharedObjects' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' IsRequired = $False } @{ Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.UserRightsCreatePermanentSharedObjects ` -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsCreatePermanentSharedObjects = $complexTypeStringResult } else { $Results.Remove('UserRightsCreatePermanentSharedObjects') | Out-Null } } if ( $null -ne $Results.UserRightsCreateSymbolicLinks) { $complexMapping = @( @{ Name = 'UserRightsCreateSymbolicLinks' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' IsRequired = $False } @{ Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.UserRightsCreateSymbolicLinks ` -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsCreateSymbolicLinks = $complexTypeStringResult } else { $Results.Remove('UserRightsCreateSymbolicLinks') | Out-Null } } if ( $null -ne $Results.UserRightsCreateToken) { $complexMapping = @( @{ Name = 'UserRightsCreateToken' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' IsRequired = $False } @{ Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.UserRightsCreateToken ` -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsCreateToken = $complexTypeStringResult } else { $Results.Remove('UserRightsCreateToken') | Out-Null } } if ( $null -ne $Results.UserRightsDebugPrograms) { $complexMapping = @( @{ Name = 'UserRightsDebugPrograms' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' IsRequired = $False } @{ Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.UserRightsDebugPrograms ` -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsDebugPrograms = $complexTypeStringResult } else { $Results.Remove('UserRightsDebugPrograms') | Out-Null } } if ( $null -ne $Results.UserRightsDelegation) { $complexMapping = @( @{ Name = 'UserRightsDelegation' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' IsRequired = $False } @{ Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.UserRightsDelegation ` -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsDelegation = $complexTypeStringResult } else { $Results.Remove('UserRightsDelegation') | Out-Null } } if ( $null -ne $Results.UserRightsDenyLocalLogOn) { $complexMapping = @( @{ Name = 'UserRightsDenyLocalLogOn' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' IsRequired = $False } @{ Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.UserRightsDenyLocalLogOn ` -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsDenyLocalLogOn = $complexTypeStringResult } else { $Results.Remove('UserRightsDenyLocalLogOn') | Out-Null } } if ( $null -ne $Results.UserRightsGenerateSecurityAudits) { $complexMapping = @( @{ Name = 'UserRightsGenerateSecurityAudits' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' IsRequired = $False } @{ Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.UserRightsGenerateSecurityAudits ` -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsGenerateSecurityAudits = $complexTypeStringResult } else { $Results.Remove('UserRightsGenerateSecurityAudits') | Out-Null } } if ( $null -ne $Results.UserRightsImpersonateClient) { $complexMapping = @( @{ Name = 'UserRightsImpersonateClient' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' IsRequired = $False } @{ Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.UserRightsImpersonateClient ` -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsImpersonateClient = $complexTypeStringResult } else { $Results.Remove('UserRightsImpersonateClient') | Out-Null } } if ( $null -ne $Results.UserRightsIncreaseSchedulingPriority) { $complexMapping = @( @{ Name = 'UserRightsIncreaseSchedulingPriority' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' IsRequired = $False } @{ Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.UserRightsIncreaseSchedulingPriority ` -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsIncreaseSchedulingPriority = $complexTypeStringResult } else { $Results.Remove('UserRightsIncreaseSchedulingPriority') | Out-Null } } if ( $null -ne $Results.UserRightsLoadUnloadDrivers) { $complexMapping = @( @{ Name = 'UserRightsLoadUnloadDrivers' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' IsRequired = $False } @{ Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.UserRightsLoadUnloadDrivers ` -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsLoadUnloadDrivers = $complexTypeStringResult } else { $Results.Remove('UserRightsLoadUnloadDrivers') | Out-Null } } if ( $null -ne $Results.UserRightsLocalLogOn) { $complexMapping = @( @{ Name = 'UserRightsLocalLogOn' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' IsRequired = $False } @{ Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.UserRightsLocalLogOn ` -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsLocalLogOn = $complexTypeStringResult } else { $Results.Remove('UserRightsLocalLogOn') | Out-Null } } if ( $null -ne $Results.UserRightsLockMemory) { $complexMapping = @( @{ Name = 'UserRightsLockMemory' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' IsRequired = $False } @{ Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.UserRightsLockMemory ` -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsLockMemory = $complexTypeStringResult } else { $Results.Remove('UserRightsLockMemory') | Out-Null } } if ( $null -ne $Results.UserRightsManageAuditingAndSecurityLogs) { $complexMapping = @( @{ Name = 'UserRightsManageAuditingAndSecurityLogs' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' IsRequired = $False } @{ Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.UserRightsManageAuditingAndSecurityLogs ` -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsManageAuditingAndSecurityLogs = $complexTypeStringResult } else { $Results.Remove('UserRightsManageAuditingAndSecurityLogs') | Out-Null } } if ( $null -ne $Results.UserRightsManageVolumes) { $complexMapping = @( @{ Name = 'UserRightsManageVolumes' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' IsRequired = $False } @{ Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.UserRightsManageVolumes ` -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsManageVolumes = $complexTypeStringResult } else { $Results.Remove('UserRightsManageVolumes') | Out-Null } } if ( $null -ne $Results.UserRightsModifyFirmwareEnvironment) { $complexMapping = @( @{ Name = 'UserRightsModifyFirmwareEnvironment' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' IsRequired = $False } @{ Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.UserRightsModifyFirmwareEnvironment ` -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsModifyFirmwareEnvironment = $complexTypeStringResult } else { $Results.Remove('UserRightsModifyFirmwareEnvironment') | Out-Null } } if ( $null -ne $Results.UserRightsModifyObjectLabels) { $complexMapping = @( @{ Name = 'UserRightsModifyObjectLabels' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' IsRequired = $False } @{ Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.UserRightsModifyObjectLabels ` -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsModifyObjectLabels = $complexTypeStringResult } else { $Results.Remove('UserRightsModifyObjectLabels') | Out-Null } } if ( $null -ne $Results.UserRightsProfileSingleProcess) { $complexMapping = @( @{ Name = 'UserRightsProfileSingleProcess' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' IsRequired = $False } @{ Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.UserRightsProfileSingleProcess ` -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsProfileSingleProcess = $complexTypeStringResult } else { $Results.Remove('UserRightsProfileSingleProcess') | Out-Null } } if ( $null -ne $Results.UserRightsRemoteDesktopServicesLogOn) { $complexMapping = @( @{ Name = 'UserRightsRemoteDesktopServicesLogOn' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' IsRequired = $False } @{ Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.UserRightsRemoteDesktopServicesLogOn ` -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsRemoteDesktopServicesLogOn = $complexTypeStringResult } else { $Results.Remove('UserRightsRemoteDesktopServicesLogOn') | Out-Null } } if ( $null -ne $Results.UserRightsRemoteShutdown) { $complexMapping = @( @{ Name = 'UserRightsRemoteShutdown' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' IsRequired = $False } @{ Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.UserRightsRemoteShutdown ` -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsRemoteShutdown = $complexTypeStringResult } else { $Results.Remove('UserRightsRemoteShutdown') | Out-Null } } if ( $null -ne $Results.UserRightsRestoreData) { $complexMapping = @( @{ Name = 'UserRightsRestoreData' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' IsRequired = $False } @{ Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.UserRightsRestoreData ` -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsRestoreData = $complexTypeStringResult } else { $Results.Remove('UserRightsRestoreData') | Out-Null } } if ( $null -ne $Results.UserRightsTakeOwnership) { $complexMapping = @( @{ Name = 'UserRightsTakeOwnership' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsSetting' IsRequired = $False } @{ Name = 'LocalUsersOrGroups' CimInstanceName = 'MicrosoftGraphDeviceManagementUserRightsLocalUserOrGroup' IsRequired = $False } ) $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString ` -ComplexObject $Results.UserRightsTakeOwnership ` -CIMInstanceName 'MicrosoftGraphdeviceManagementUserRightsSetting' ` -ComplexTypeMapping $complexMapping if (-Not [String]::IsNullOrWhiteSpace($complexTypeStringResult)) { $Results.UserRightsTakeOwnership = $complexTypeStringResult } else { $Results.Remove('UserRightsTakeOwnership') | Out-Null } } if ($Results.Assignments) { $complexTypeStringResult = Get-M365DSCDRGComplexTypeToString -ComplexObject $Results.Assignments -CIMInstanceName DeviceManagementConfigurationPolicyAssignments if ($complexTypeStringResult) { $Results.Assignments = $complexTypeStringResult } else { $Results.Remove('Assignments') | Out-Null } } $currentDSCBlock = Get-M365DSCExportContentForResource -ResourceName $ResourceName ` -ConnectionMode $ConnectionMode ` -ModulePath $PSScriptRoot ` -Results $Results ` -Credential $Credential if ($Results.BitLockerFixedDrivePolicy) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'BitLockerFixedDrivePolicy' -IsCIMArray:$False } if ($Results.BitLockerRemovableDrivePolicy) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'BitLockerRemovableDrivePolicy' -IsCIMArray:$False } if ($Results.BitLockerSystemDrivePolicy) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'BitLockerSystemDrivePolicy' -IsCIMArray:$False } if ($Results.DefenderDetectedMalwareActions) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'DefenderDetectedMalwareActions' -IsCIMArray:$False } if ($Results.FirewallProfileDomain) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'FirewallProfileDomain' -IsCIMArray:$False } if ($Results.FirewallProfilePrivate) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'FirewallProfilePrivate' -IsCIMArray:$False } if ($Results.FirewallProfilePublic) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'FirewallProfilePublic' -IsCIMArray:$False } if ($Results.FirewallRules) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'FirewallRules' -IsCIMArray:$True } if ($Results.UserRightsAccessCredentialManagerAsTrustedCaller) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsAccessCredentialManagerAsTrustedCaller' -IsCIMArray:$False } if ($Results.UserRightsActAsPartOfTheOperatingSystem) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsActAsPartOfTheOperatingSystem' -IsCIMArray:$False } if ($Results.UserRightsAllowAccessFromNetwork) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsAllowAccessFromNetwork' -IsCIMArray:$False } if ($Results.UserRightsBackupData) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsBackupData' -IsCIMArray:$False } if ($Results.UserRightsBlockAccessFromNetwork) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsBlockAccessFromNetwork' -IsCIMArray:$False } if ($Results.UserRightsChangeSystemTime) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsChangeSystemTime' -IsCIMArray:$False } if ($Results.UserRightsCreateGlobalObjects) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsCreateGlobalObjects' -IsCIMArray:$False } if ($Results.UserRightsCreatePageFile) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsCreatePageFile' -IsCIMArray:$False } if ($Results.UserRightsCreatePermanentSharedObjects) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsCreatePermanentSharedObjects' -IsCIMArray:$False } if ($Results.UserRightsCreateSymbolicLinks) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsCreateSymbolicLinks' -IsCIMArray:$False } if ($Results.UserRightsCreateToken) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsCreateToken' -IsCIMArray:$False } if ($Results.UserRightsDebugPrograms) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsDebugPrograms' -IsCIMArray:$False } if ($Results.UserRightsDelegation) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsDelegation' -IsCIMArray:$False } if ($Results.UserRightsDenyLocalLogOn) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsDenyLocalLogOn' -IsCIMArray:$False } if ($Results.UserRightsGenerateSecurityAudits) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsGenerateSecurityAudits' -IsCIMArray:$False } if ($Results.UserRightsImpersonateClient) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsImpersonateClient' -IsCIMArray:$False } if ($Results.UserRightsIncreaseSchedulingPriority) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsIncreaseSchedulingPriority' -IsCIMArray:$False } if ($Results.UserRightsLoadUnloadDrivers) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsLoadUnloadDrivers' -IsCIMArray:$False } if ($Results.UserRightsLocalLogOn) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsLocalLogOn' -IsCIMArray:$False } if ($Results.UserRightsLockMemory) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsLockMemory' -IsCIMArray:$False } if ($Results.UserRightsManageAuditingAndSecurityLogs) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsManageAuditingAndSecurityLogs' -IsCIMArray:$False } if ($Results.UserRightsManageVolumes) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsManageVolumes' -IsCIMArray:$False } if ($Results.UserRightsModifyFirmwareEnvironment) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsModifyFirmwareEnvironment' -IsCIMArray:$False } if ($Results.UserRightsModifyObjectLabels) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsModifyObjectLabels' -IsCIMArray:$False } if ($Results.UserRightsProfileSingleProcess) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsProfileSingleProcess' -IsCIMArray:$False } if ($Results.UserRightsRemoteDesktopServicesLogOn) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsRemoteDesktopServicesLogOn' -IsCIMArray:$False } if ($Results.UserRightsRemoteShutdown) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsRemoteShutdown' -IsCIMArray:$False } if ($Results.UserRightsRestoreData) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsRestoreData' -IsCIMArray:$False } if ($Results.UserRightsTakeOwnership) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'UserRightsTakeOwnership' -IsCIMArray:$False } if ($Results.Assignments) { $currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName 'Assignments' -IsCIMArray:$true } #removing trailing commas and semi colons between items of an array of cim instances added by Convert-DSCStringParamToVariable $currentDSCBlock = $currentDSCBlock.replace( " ,`r`n" , " `r`n" ) $currentDSCBlock = $currentDSCBlock.replace( "`r`n;`r`n" , "`r`n" ) $dscContent += $currentDSCBlock Save-M365DSCPartialExport -Content $currentDSCBlock ` -FileName $Global:PartialExportFileName $i++ Write-Host $Global:M365DSCEmojiGreenCheckMark } return $dscContent } catch { if ($_.Exception -like '*401*' -or $_.ErrorDetails.Message -like "*`"ErrorCode`":`"Forbidden`"*" -or ` $_.Exception -like "*Request not applicable to target tenant*") { Write-Host "`r`n $($Global:M365DSCEmojiYellowCircle) The current tenant is not registered for Intune." } else { Write-Host $Global:M365DSCEmojiRedX New-M365DSCLogEntry -Message 'Error during Export:' ` -Exception $_ ` -Source $($MyInvocation.MyCommand.Source) ` -TenantId $TenantId ` -Credential $Credential } return '' } } Export-ModuleMember -Function *-TargetResource |